Fixes are available
8.0.0.2: WebSphere Application Server V8.0 Fix Pack 2
8.0.0.3: WebSphere Application Server V8.0 Fix Pack 3
8.0.0.4: WebSphere Application Server V8.0 Fix Pack 4
8.0.0.5: WebSphere Application Server V8.0 Fix Pack 5
8.0.0.6: WebSphere Application Server V8.0 Fix Pack 6
8.0.0.7: WebSphere Application Server V8.0 Fix Pack 7
8.0.0.8: WebSphere Application Server V8.0 Fix Pack 8
8.0.0.9: WebSphere Application Server V8.0 Fix Pack 9
8.0.0.10: WebSphere Application Server V8.0 Fix Pack 10
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
APAR status
Closed as program error.
Error description
When the session security feature is turned on (which is the default in WebSphere Application Server Version 8.0), and multiple sessions are using the same user ID, when a user logs out of one session, another session might receive an error when a different user who has logged in with the same user ID logs out: SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user: {<user>}
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server running with session-security * * integration enabled. * **************************************************************** * PROBLEM DESCRIPTION: When the subject is not found in the * * security authentication cache during * * logout, SESN0008E error is logged. * **************************************************************** * RECOMMENDATION: * **************************************************************** When the subject is not found in the authentication cache, the proper identity of the caller is not established and that results in the SESN00008E error. This situation can occur for one of several reasons. 1) Authentication cache is disabled. 2) Subject has timed out of authentication cache. 3) Multiple sessions with same user doing login and logout simultaneously.
Problem conclusion
The code was corrected to properly establish the caller's identity even if the subject is not found in the security authentication cache. The fix for this APAR is currently targeted for inclusion in fix pack 7.0.0.25 and 8.0.0.2. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PM47514
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2011-09-09
Closed date
2012-04-02
Last modified date
2012-04-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800
Applicable component levels
R700 PSY
UP
R800 PSY
UP
Document Information
Modified date:
28 October 2021