PQ67436: INCORRECT SESSION IDS ON REQUESTS FOR APPLICATIONS WITH MORE THAN 1 PATH/CONTEXT ROOT IN WEBSPHERE APPLICATION SERVER V4.01 | |||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description When an application is deployed to WebSphere Application Server v4.01 for zOS that contains multiple paths/context roots, session data may be lost between requests. Currently, this is a limitation on WebSphere zOS. This apar will add the ability to have multiple paths/context roots within an application.Local fix use a single path/context root into the applicationProblem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V4.0.1 for z/OS and OS/390 who use the * * HTTP Session API and use cookies to * * transport the session id between client * * and server. * **************************************************************** * PROBLEM DESCRIPTION: WebSphere Application Server V4.0.1 for * * z/OS and OS/390 sets the path of the * * session cookie such that the cookie may * * not be sent on a request if a proxy * * server is in use. It appears to the * * application as if the session data has * * been lost. * **************************************************************** * RECOMMENDATION: * **************************************************************** The path of the session cookie is set to contain the context root of the web application. This allows a single client to maintain multiple sessions for mulitiple web applications since each application has its own unique session cookie. A specific cookie is only sent on a request when the request URI contains the context root. When a proxy server is in use, that may not be the case, since a proxy server can be configured to map multiple URIs to a context root. Therefore, there may be no session cookie sent on a request, which results in a lost session.Problem conclusion WebSphere Application Server V4.0.1 for z/OS and OS/390 will be modified to set the cookie path to a constant value, rather than a webapp specific value. This value is whatever is configured in the webcontainer.conf file for the session.cookie.path property (which defaults to "/"). This results in the cookie being sent on every request, regardless of the URI. If a client establishes sessions to more than one web application, all sessions will have the same session id. Since sessions are scoped by web application, each session is still unique and maintained separately. This behavior is functionally equivalent with WebSphere Application Server V4.0.1 AE. The following publication was revised as a result of APAR PQ67436: ________________________________________________________________ WebSphere Application Server V4.0.1 for z/OS and OS/390 Assembling Java 2 Platform, Enterprise Edition (J2EE) Application SA22-7836-05: ________________________________________________________________ NOTE: Periodically, we refresh the documentation on our Web site, so the changes might have been made before you read this text. To access the latest on-line documentation, go to the product library page at: http://www.ibm.com/software/webservers/appserv/zos_os390/ library.html This APAR contains replacements and updates for the following sections of WebSphere Application Server V4.0.1 for z/OS and OS/390: Assembling Java 2 Platform, Enterprise Edition (J2EE) Applications, SA22-7836-05: _________________________________________________________ "HTTP session support" contained in Chapter 4 ________________________________________________________________ "Steps for configuring HTTP Session Support" contained in Chapter 8. ________________________________________________________________ It also includes an update to "Appendix A: Environment and JVM properties files". Changes are marked with revision bars in the left margin. ________________________________________________________________ The following restriction has been removed from the section "Configure URL rewriting" in Chapter 8: If you are going to use URL rewriting and maintain your session data in-memory, only one server region can be defined for your J2EE server instance. You can now maintain session data in-memory across server regions using either cookies or URL rewriting. ________________________________________________________________ For the full document supporting APAR PQ67436 go to URL: http://www-3.ibm.com/software/webservers/appserv/zos_os390/ support.html and select the Product information link in the left hand navigation. The document to reference is called "Documentation for the New Session Support Provided in APAR PQ67436". APAR PQ67436 is associated with SERVICE LEVEL W401407 of WebSphere Application Server V4.0.1 for z/OS and OS/390.Temporary fix Comments **** PE03/01/31 FIX IN ERROR. SEE APAR PQ70519 FOR DESCRIPTION
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ67436
IBM Group: Software Group
Modified date: Feb 14, 2003
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.