PQ68527: WAS 4.0.2, STRINGINDEXOUTOFBOUNDSEXCEPTION CAUSED BY AN EMPTY VALUE FOR A COOKIE NAME

 A fix is available

4.0.6: WebSphere Application Server Version 4.0 Fix Pack 6



APAR status
Closed as program error.

Error description
Customer is getting the following error:
java.lang.StringIndexOutOfBoundsException: String index out of
 at
 com.ibm.servlet.engine.srt.CookieHandler.getCookiesFromString(C
 ler.java(Compiled Code))
 at
 com.ibm.servlet.engine.srt.CookieHandler.getCookiesFromString(C
 ler.java(Compiled Code))
 at
com.ibm.servlet.engine.srt.CookieHandler.getCookiesFromHeaderFie
 eHandler.java(Compiled Code))
 at
 com.ibm.servlet.engine.srt.SRTServletRequest.getCookies(SRTServ
 t.java(Compiled Code))
.
The error is being caused because a empty value is being
passed into a cookie.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: Any users of WebSphere Application Server    *
*                 version 4.0 with applications using HTTP     *
*                 cookies.                                     *
****************************************************************
* PROBLEM DESCRIPTION: Empty cookie names are causing          *
*                      StringIndexOutOfBoundsExceptions        *
*                      to be thrown.                           *
*                                                              *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Empty cookie names will return unpredictable values for a
request and the use of empty cookie names should be avoided.
However, the presence of a cookie without a name should not
cause a StringIndexOutOfBoundsException and result in WebSphere
Application Server not completing the request.  WebSphere is
failing while looking for the special cookie names beginning
with a "$".
Problem conclusion
A check has been placed in the code for a cookie without
a name at all (null), or a cookie with a blank name (a zero
length string).  If either of these situations occur, we
already know cookie is not one of the special "$" cookies
and no further processing of the cookie name is needed.
Temporary fix Comments
APAR information
APAR number PQ68527
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-11-22
Closed date 2003-01-20
Last modified date 2003-01-29

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
PQ70412

Modules/Macros
ENGINE          

SRLS

Fix information
Fixed component name WEBSPHERE AE NT
Fixed component ID 5630A2201

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ68527
IBM Group: Software Group
Modified date: Jan 29, 2003