PQ96568: CLEAN-UP OF THE SESSION OBJECT WHEN OUTOFMEMORY EVENT OCCURS

APAR status
Closed as program error.

Error description
WebSphere 4.0.x session management can return an incorrect
session object on the getSession() when OutOfMemory errors
occur before getSession() call.
It is WebSphere administrator responsibility to configure
sufficient AppServer JVM settings so that OutOfMemory problems
never occur, but WebSphere Session Management & Web Container
code can be updated so that an additional clean-up of the
session object is done when OutOfMemory problems occur so that
we prevent to return an incorrect session object on getSession()
call.
.
This problem was reported in WebSphere 4.0.7 release running
on Solaris platform, but it might be possiblke that the same
problem exists in WebSphere 5.0/5.1 releases.
Local fix
To configure sufficient JVM heap settings so that OutOfMemory
problems never occur (the Application never runs out of the
JVM heap, tha might be related to insufficient JVM heap
settings or to a possible leak in the Application).
Problem summary
****************************************************************
* USERS AFFECTED: Any users that are using HTTP Session        *
****************************************************************
* PROBLEM DESCRIPTION: When an OutOfMemory error happens,      *
*                      servlet engine returns a wrong HTTP     *
*                      session.                                *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When OutOfMemory error happens, servlet engine is unable to
perform cleanup properly.  As a result, the servlet engine
returns the previous session of the HTTP request handling
thread.
Problem conclusion
Session manager now double check the session's id with
cookie's JSESSIONID before it returns.  If they mismatch,
session manager will re-fetch the correct session.

The fix for this APAR will be available via iFix
PQ96568.
Temporary fix Comments
APAR information
APAR number PQ96568
Reported component name WEBSPHERE AE SO
Reported component ID 5630A2202
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2004-11-01
Closed date 2004-12-02
Last modified date 2004-12-02

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
PQ96771

Modules/Macros
SESSION          

Fix information

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ96568
IBM Group: Software Group
Modified date: Dec 2, 2004