PQ70020: WHEN AN ADDITIONAL COOKIE IS USED CALLED JSESSIONID TO THE WAS COOKIE JSESSIONID, PLUGIN UNABLE TO DISTINGUISH CORRECT VALUE.

 Fixes are available

4.0.6: WebSphere Application Server Version 4.0 Fix Pack 6
4.0.2-4.0.7: Plug-in component cumulative fix



APAR status
Closed as program error.

Error description
Customer has some other application that puts a cookie in
the header called jsessionid. This value is numberic where the
WAS JSESSIONID value is alphanumberic with the clone ID at the
end. Their cookie was before our sesion cookie and the plugin
parsed and used the value of their cookie mistaking it for our
JSESSIONID value. The plugin was not able to find a clone for
this value so it defaulted to round robin instead of persistent
sessions, thereby broking the session for the application.
Local fix
Local fix for this is to change the cookie name for the
persistent session cookies. After this, the customer cookie
named jsessionid will not interfer with the plugin persistent
session function.
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server version 4.0     *
*                 users of the webserver plugins.              *
****************************************************************
* PROBLEM DESCRIPTION: Affinity was breaking at the plugin     *
*                      level because 2 JSESSIONID cookies were *
*                      present in the request.  One was all    *
*                      upper case and one was all lower case.  *
*                      However, the plugin was searching       *
*                      case insensitively.                     *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The plugin would pick the wrong JSESSIONID cookie because it
would search case insensitively for it in the Cookie header.
Problem conclusion
Changed the plugin so that it performs a case sensitive search
of the Cookie header for the JSESSIONID cookie.
Temporary fix
A fix was delivered to the customer in the form of
PQ70020_eFix_
AEServer_AEsServer.jar.
Comments
APAR information
APAR number PQ70020
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2003-01-19
Closed date 2003-04-07
Last modified date 2003-04-07

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
Plugin          

SRLS

Fix information

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ70020
IBM Group: Software Group
Modified date: Apr 7, 2003