PQ67436: INCORRECT SESSION IDS ON REQUESTS FOR APPLICATIONS WITH MORE THAN 1 PATH/CONTEXT ROOT IN WEBSPHERE APPLICATION SERVER V4.01

 A fix may be available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
When an application is deployed to WebSphere Application Server
v4.01 for zOS that contains multiple paths/context roots,
session data may be lost between requests. Currently, this is
a limitation on WebSphere zOS. This apar will add the ability
to have multiple paths/context roots within an application.
Local fix
use a single path/context root into the application
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V4.0.1 for z/OS and OS/390 who use the       *
*                 HTTP Session API and use cookies to          *
*                 transport the session id between client      *
*                 and server.                                  *
****************************************************************
* PROBLEM DESCRIPTION: WebSphere Application Server V4.0.1 for *
*                      z/OS and OS/390 sets the path of the    *
*                      session cookie such that the cookie may *
*                      not be sent on a request if a proxy     *
*                      server is in use. It appears to the     *
*                      application as if the session data has  *
*                      been lost.                              *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The path of the session cookie is set to contain the context
root of the web application. This allows a single client to
maintain multiple sessions for mulitiple web applications since
each application has its own unique session cookie. A specific
cookie is only sent on a request when the request URI contains
the context root. When a proxy server is in use, that may not
be the case, since a proxy server can be configured to map
multiple URIs to a context root. Therefore, there may be no
session cookie sent on a request, which results in a lost
session.
Problem conclusion
WebSphere Application Server V4.0.1 for z/OS and OS/390 will be
modified to set the cookie path to a constant value, rather
than a webapp specific value. This value is whatever is
configured in the webcontainer.conf file for the
session.cookie.path property (which defaults to "/"). This
results in the cookie being sent on every request, regardless
of the URI. If a client establishes sessions to more than one
web application, all sessions will have the same session id.
Since sessions are scoped by web application, each session
is still unique and maintained separately. This behavior is
functionally equivalent with WebSphere Application Server
V4.0.1 AE.

The following publication was revised as a result
of APAR PQ67436:
________________________________________________________________
WebSphere Application Server V4.0.1 for z/OS and OS/390
Assembling Java 2 Platform, Enterprise Edition (J2EE)
Application SA22-7836-05:
________________________________________________________________

NOTE: Periodically, we refresh the documentation on our
Web site, so the changes might have been made before you
read this text. To access the latest on-line
documentation, go to the product library page at:

http://www.ibm.com/software/webservers/appserv/zos_os390/
library.html

This APAR contains replacements and updates for the following
sections of WebSphere Application Server V4.0.1 for z/OS and
OS/390: Assembling Java 2 Platform, Enterprise Edition (J2EE)
Applications, SA22-7836-05:
_________________________________________________________
"HTTP session support" contained in Chapter 4
________________________________________________________________
"Steps for configuring HTTP Session Support" contained in
Chapter 8.
________________________________________________________________
It also includes an update to "Appendix A: Environment and JVM
properties files". Changes are marked with revision bars in the
left margin.
________________________________________________________________
The following restriction has been removed from the section
"Configure URL rewriting" in Chapter 8:
If you are going to use URL rewriting and maintain your session
data in-memory, only one server region can be defined for your
J2EE server instance. You can now maintain session data
in-memory across server regions using either cookies or URL
rewriting.
________________________________________________________________
For the full document supporting APAR PQ67436 go to URL:


http://www-3.ibm.com/software/webservers/appserv/zos_os390/
support.html

and select the Product information link in the left hand
navigation. The document to reference is called
"Documentation for the New Session Support Provided in APAR
PQ67436".

APAR PQ67436 is associated with SERVICE LEVEL W401407 of
WebSphere Application Server V4.0.1 for z/OS and OS/390.
Temporary fix Comments
 **** PE03/01/31 FIX IN ERROR. SEE APAR 
PQ70519  FOR DESCRIPTION
APAR information
APAR number PQ67436
Reported component name WEBSPHERE OS/39
Reported component ID 5655A9800
Reported release 401
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-10-21
Closed date 2002-12-20
Last modified date 2003-02-14

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
EJSJWCWC          

Fix information
Fixed component name WEBSPHERE OS/39
Fixed component ID 5655A9800

Applicable component levels
R401 PSY UQ72838    UP03/01/03 P F301

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ67436
IBM Group: Software Group
Modified date: Feb 14, 2003