PQ78640: SESN0008E SESSION ERROR ON LOGOFF WHEN SESSION SECURITY ENABLED | |||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||
APAR status Closed as Permanent restriction. Error description Logout produces SESN0008E when form logout is used and session security is enabled. Customer is using LDAP as registry and Single Signon (SSO) is enabled. Keywords: security integration log off out logout msgsesn0008eLocal fix Ensure all URI's are protected, including the URI for ibm_security_logout.Problem summary **************************************************************** * USERS AFFECTED: WebSphere Application Server users who * * enable session security integration and * * use Form Logout. * **************************************************************** * PROBLEM DESCRIPTION: Logout may fail if session security * * integration is enabled. * **************************************************************** * RECOMMENDATION: Secure the URI /ibm_security_logout. * **************************************************************** If session security integration is enabled, and logout servlet is not protected, logout will fail to delete the session.Problem conclusion If logout servlet is not protected, no invocation credential is set in the executed thread, and session manager could not find security credential for Logout servlet, thus does not allow Logout servlet to look up session when session security is integrated. The work-around is to protect logout servlet, /ibm_security_logout. This issue is under reivew and may be resolved in future releases.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ78640
IBM Group: Software Group
Modified date: Nov 4, 2003
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.