PQ62603: AFTER A SUCCESSFUL AUTHENTICATION, JSESSION=XXX NOT BEING PASSED TO THE APPSERVER CAUSES AUTHENTICATION TO BEGIN AGAIN | |||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description The customer is using Form-Based Login WebSecurity and at the same time, his application is using URL Rewriting to maintain the session state. The two functions are working if used separatly. When after calling the start URL the Form-Login apears and does the Authentication correctly and displays the correct page afterward. But all links (which all contain the jsessionid=xxx in the URL) to other parts of the application are not working. Instead, the LoginForm is displayed again.Local fix Problem summary **************************************************************** * USERS AFFECTED: All Users of the WebSphere Application * * Server Version 4.0.1 for z/OS and OS/390 * * using the local redirector plug-in, who * * are doing session URL rewriting, and Web * * security, may be affected. * **************************************************************** * PROBLEM DESCRIPTION: Session URL Rewriting appends a string * * prefixed with ";jsessionid=" to the * * URL. This append may cause the Web * * security check for the new URL to * * fail. * **************************************************************** * RECOMMENDATION: * **************************************************************** When the rewritten URL is returned to the WebSphere for z/OS, local redirector plug-in fails to detect the challenge due to the appended data and consequently ignores the Form response data. This causes the user to get challenged again.Problem conclusion WebSphere for z/OS local redirector plug-in has been changed to strip off the appended string from the URL before it performs the Web security check. This change affects the following COMPIDs: 5655A9800 R401 for z/OS and OS/390. The code changes are stored in CMVC under defect PQ62603. 401Y EJSJWBJR * Cross Reference between External and Internal NamesTemporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ62603
IBM Group: Software Group
Modified date: Sep 4, 2002
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.