IBM Support

PI82527: ODR SESSION AFFINITY BREAKS WHEN REQUEST CONTAINS MULTIPLE SESSION COOKIES OF THE SAME NAME

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • When the Cookie request header contains multiple session
    cookies of the same name (ie. JSESSIONID), the ODR currently
    only looks at the first one.  If that first cookie does not
    have a valid cloneID for this cell, session affinity is
    broken.
    
    The ODR code needs to be changed to look at ALL session
    cookies
    in the Cookie request header and look for ANY valid cloneID.
    

Local fix

  • The work around is to change the session cookie name in the WAS
    configuration to something unique, so that each WAS cluster
    will have a different session cookie name.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server WAS ND edition- Virtual              *
    *                  Enterprise/IM On Demand Router (ODR)        *
    *                  Component                                   *
    ****************************************************************
    * PROBLEM DESCRIPTION: The On Demand Router (ODR) breaks       *
    *                      session affinity when the request       *
    *                      Cookie header contains duplicate        *
    *                      session cookie keys.                    *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    The On Demand Router (ODR) breaks session affinity when the
    request Cookie header contains duplicate session cookie keys
    (e.g. JSESSIONID). The ODR currently only looks at the first
    session cookie key, as it is expecting only one, in the request
    Cookie header. If the first session cookie processed by the ODR
    does not contain a valid Clone/Partition ID then session
    affinity is lost.
    

Problem conclusion

  • The xd.dwlm.client component of the On Demand Router (ODR) has
    been altered to examine all session cookie keys in the Cookie
    header of a request ensuring a valid Clone/Partition ID is found
    and session affinity is maintained.
    
    The fix for this APAR is currently targeted for inclusion in fix
    packs 8.5.5.13 and 9.0.0.5.  Please refer to the Recommended
    Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI82527

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-06-02

  • Closed date

    2017-09-11

  • Last modified date

    2017-09-11

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R850 PSY

       UP



Document information

More support for: WebSphere Application Server
General

Software version: 850

Reference #: PI82527

Modified date: 11 September 2017


Translate this page: