IBM Support

PM95756: SERVER LOGS FLOODED WITH SESN0008E ERRORS

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Server logs flooded with following SESN0008E errors
    WASSessionCor E SessionContext checkSecurity SESN0008E: A user
    authenticated as anonymous has attempted to access a session
    owned by
    user:defaultWIMFileBasedRealm/uid=xxxxxx,CN=USERS,dc=aaaaa
    ,dc=ibm,dc=com.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere Application Server V8.5       *
    *                  users of JAX-WS web services applications   *
    ****************************************************************
    * PROBLEM DESCRIPTION: SystemOut.log is flooded with SESN0008E *
    *                      errors.                                 *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Server logs are flooded with following SESN0008E errors
    WASSessionCor E SessionContext checkSecurity SESN0008E: A user
    authenticated as anonymous has attempted to access a session
    owned by
    user:defaultWIMFileBasedRealm/uid=xxxxxx,CN=USERS,dc=aaaaa
    ,dc=ibm,dc=com.
    In SystemErr.log, there is the following error stack:
    [8/16/13 17:53:28:791 CEST] 000000e7 SystemErr     R
    java.lang.RuntimeException: DEBUG EXCEPTION!
    [8/16/13 17:53:28:791 CEST] 000000e7 SystemErr     R  at
    com.ibm.ws.session.SessionContext.checkSecurity(SessionContext.j
    ava:1382)
    [8/16/13 17:53:28:791 CEST] 000000e7 SystemErr     R  at
    com.ibm.ws.session.SessionContext.doSecurityCheck(SessionContext
    .java:561)
    [8/16/13 17:53:28:791 CEST] 000000e7 SystemErr     R  at
    com.ibm.ws.session.SessionContext.getIHttpSession(SessionContext
    .java:508)
    [8/16/13 17:53:28:792 CEST] 000000e7 SystemErr     R  at
    com.ibm.ws.session.SessionContext.getIHttpSession(SessionContext
    .java:426)
    [8/16/13 17:53:28:792 CEST] 000000e7 SystemErr     R  at
    com.ibm.ws.webcontainer.srt.SRTRequestContext.getSession(SRTRequ
    estContext.java:104)
    [8/16/13 17:53:28:792 CEST] 000000e7 SystemErr     R  at
    com.ibm.ws.webcontainer.srt.SRTServletRequest.getSession(SRTServ
    letRequest.java:2152)
    [8/16/13 17:53:28:792 CEST] 000000e7 SystemErr     R  at
    com.ibm.ws.websvcs.transport.http.WASAxis2HttpServletRequestImpl
    .getSession(WASAxis2HttpServletRequestImpl.java:366)
    [8/16/13 17:53:28:792 CEST] 000000e7 SystemErr     R  at
    com.ibm.ws.websvcs.transport.http.WASAxis2Servlet.createAndSetIn
    itialParamsToMsgCtxt(WASAxis2Servlet.java:1868)
    [8/16/13 17:53:28:792 CEST] 000000e7 SystemErr     R  at
    com.ibm.ws.websvcs.transport.http.WASAxis2Servlet.doPost(WASAxis
    2Servlet.java:1522)
    ...
    

Problem conclusion

  • If session security integration is enabled, Application Server
    session management will check whether the request user is
    authorized to access the requested session. When the JAX-WS
    runtime tries to access the session and the security context
    happens to be not populated at that time, the security check
    done by session management will fail.
    
    The JAX-WS runtime has been changed to handle this scenario
    correctly.
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 8.5.5.1  Please refer to the Recommended Updates
    page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM95756

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-08-23

  • Closed date

    2013-09-04

  • Last modified date

    2013-09-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R850 PSY

       UP



Document information

More support for: WebSphere Application Server
General

Software version: 850

Reference #: PM95756

Modified date: 04 September 2013


Translate this page: