IBM Support

PM44750: GETSESSION(FALSE) SHOULD NOT THROW AN UNAUTHORIZEDSESSIONREQUESTEXCEPTION

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • getSession(false) should not throw an
    UnauthorizedSessionRequestException, but should return null
    instead
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server version 8.0                          *
    ****************************************************************
    * PROBLEM DESCRIPTION: An                                      *
    *                      UnauthorizedSessionRequestException     *
    *                      is thrown when                          *
    *                      SessionSecurityIntegration is enabled   *
    *                      and a user calls getSession(false).     *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When getSession(false) is called on a request, a null session
    value can be returned.  A null value should be returned
    instead of an UnauthorizedSessionRequestException.
    

Problem conclusion

  • The session management code was updated to allow for a null
    session value to be returned instead of an
    UnauthorizedSessionrequestException when the
    ThrowSecurityExceptionOnGetSessionFalse session management
    custom property is set to false.  The default for this custom
    property is true.
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 8.0.0.2.  Please refer to the Recommended Updates
    page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM44750

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2011-07-29

  • Closed date

    2011-10-11

  • Last modified date

    2011-10-11

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R800 PSY

       UP



Document information

More support for: WebSphere Application Server
General

Software version: 8.0

Reference #: PM44750

Modified date: 11 October 2011