Name: PK37174
=============
 
Summary:
   Portal session protection does not handle portlet sessions
 
Problem Description:
   If a user tries to access a session of another user at the moment only the portal session but not the portlet sessions are invalidated, exposing data of the portlets from the wrong user.
 
Problem Solution:
   If a portal session violation is detected not only the portal session but also the portlet sessions are cleaned up
 
Failing Module(s):
   Portal Access Control
   Authorization/Authentication (login/logout)
 
Affected Users:
   All users
 
Version Information:
    Portal Version(s): 5.1.0.4
     Pre-Requisite(s): PK30774 
      Co-Requisite(s): ---
 
Platform Specific:
   This fix applies to all platforms.
 
Installation:
   NOTE:  YOU MUST FIRST DOWNLOAD THE UPDATE INSTALLER TOOL IN ORDER TO INSTALL A FIX.
          The Portal Update Installer can be downloaded from the following link:
          http://www.ibm.com/software/genservers/portal/support
 
   1. Create temporary "fix" directory to store the jar file.
   2. Copy jar file to this directory.
   3. Shutdown WebSphere Portal.
   4. Follow the fix installation instructions that are packaged with
      the Portal Update Installer on how to install the fix.
   5. Restart WebSphere Portal.
   6. The temporary directory may be removed.
 
Un-Installation:
   NOTE:  FIXES MUST BE REMOVED IN THE ORDER THEY WERE APPLIED.  DO NOT REMOVE
          A FIX UNLESS ALL FIXES APPLIED AFTER IT HAVE FIRST BEEN REMOVED.
          YOU MAY REAPPLY ANY REMOVED FIX.
 
   1. Shutdown WebSphere Portal.
   2. Follow the instructions that are packaged with the
      Portal Update Installer on how to uninstall the fix.
   3. Restart WebSphere Portal.