IBM Support

PH05579: ZWAS ABEND130 RC02350001 DURING INVALIDATION OF A SESSION FOLLOWING HTTPSERVLETREQUESTWRAPPER.CHANGESESSIONID


APAR status

  • Closed as program error.

Error description

  • Customer noted a servant ending unexpectedly with a GRS
    abend130 rc02350001:
    CEE3250C The system or user abend S130  R=02350001 was issued.
    From entry point bboossnq(BBOOSSNQ_Functions,...) at compile
    unit offset +0000000036CB40BA at entry offset -00000000001FA1
    --
    Dump analysis showed that the error occurs during DEQ of a
    resource named
    majorname:SYSZBBO
    minorname:
    ASCII string '<cluster.server>sessionId'
    which is used by the zWAS session code to establish affinity
    of a session to a specific zWAS servant for routing purposes.
    Further trace analysis shows that the error occurs after
    application or framework code calls the method
    javax/servlet/http/HttpServletRequestWrapper.changeSessionId(HttpServletRequestWrapper
    which is new with V9.
    The update to session ID completes normally, but at some later
    point when the session is invalidated, a call is made to DEQ
    the resource using the minor name for the updated sessionID,
    which was not previously used for an ENQ. GRS issues the
    abend130 as a consequence, ending the servant process.
    In this specific case, the update session call was made from
    the Spring framework code:
    --
    org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategy.applySessionFixation(ChangeSessionIdAuthenticationStrategy.java:55)
    --
    but the problem can be exposed by any caller.
    The following Java switch can be set as an additional argument
    to the JVM in the servant to externalize the caller, in case
    this is of interest:
    --
    -Xtrace:trigger=method{com/ibm/ws/webcontainer/srt/SRTServletRequest.changeSessionId*,javadump}
    --
    This will create a javacore when the call is made, from which
    the caller can be identified.
    The code will be updated to register the updated (new) session
    on z/OS.
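
An added example, not IBM's code: a Python script that reads a javacore produced by the trace trigger above and reports, per thread, the first frame outside the web container that reached SRTServletRequest.changeSessionId. The sample javacore text is constructed (the thread name and `com/example/LoginFilter` are hypothetical), and treating `com/ibm/ws/` and `javax/servlet/` as container frames is an assumption.

```python
import re

# Constructed javacore excerpt (not a real dump); the first three frame names are quoted in this APAR.
SAMPLE_JAVACORE = """\
3XMTHREADINFO      "constructed-thread-1" J9VMThread:0x0000000000000000
3XMTHREADINFO3           Java callstack:
4XESTACKTRACE                at com/ibm/ws/webcontainer/srt/SRTServletRequest.changeSessionId(SRTServletRequest.java)
4XESTACKTRACE                at javax/servlet/http/HttpServletRequestWrapper.changeSessionId(HttpServletRequestWrapper.java)
4XESTACKTRACE                at org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategy.applySessionFixation(ChangeSessionIdAuthenticationStrategy.java:55)
4XESTACKTRACE                at com/example/LoginFilter.doFilter(LoginFilter.java:10)
3XMTHREADINFO      "constructed-thread-2" J9VMThread:0x0000000000000000
3XMTHREADINFO3           Java callstack:
4XESTACKTRACE                at java/lang/Object.wait(Native Method)
"""

FRAME = re.compile(r"^4XESTACKTRACE\s+at\s+(\S+?)\((.*)\)\s*$")
# Method named in the -Xtrace trigger; prefix match mirrors its trailing '*'.
TARGET = "com/ibm/ws/webcontainer/srt/SRTServletRequest.changeSessionId"
# Assumption: frames under these prefixes belong to the container, not the caller.
CONTAINER_PREFIXES = ("com/ibm/ws/", "javax/servlet/")

def parse_threads(text):
    """Return [(thread_name, [(method, location), ...]), ...], innermost frame first."""
    threads = []
    for line in text.splitlines():
        if line.startswith("3XMTHREADINFO "):  # thread header, not 3XMTHREADINFO1..3
            name = re.search(r'"([^"]*)"', line)
            threads.append((name.group(1) if name else "?", []))
        elif threads and (m := FRAME.match(line)):
            threads[-1][1].append((m.group(1), m.group(2)))
    return threads

def find_callers(text):
    """For each thread inside changeSessionId, return (thread, first non-container frame)."""
    hits = []
    for name, frames in parse_threads(text):
        idx = next((i for i, (meth, _) in enumerate(frames)
                    if meth.startswith(TARGET)), None)
        if idx is None:
            continue  # thread never entered the traced method
        caller = next(((meth, loc) for meth, loc in frames[idx + 1:]
                       if not meth.startswith(CONTAINER_PREFIXES)), None)
        hits.append((name, caller))
    return hits

if __name__ == "__main__":
    for thread, caller in find_callers(SAMPLE_JAVACORE):
        print(thread, "->", caller)
```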
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere Application Server Version    *
    *                  9.0 customers for zOS                       *
    ****************************************************************
    * PROBLEM DESCRIPTION: HttpServletRequest.changeSessionId()    *
    *                      method may cause GRS to issue abend130  *
    *                      during invalidation                     *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    In the z/OS environment, HttpServletRequest.changeSessionId()
    completes normally, but at some later point when the session
    is invalidated, a call is made to DEQ the resource using the
    minor name for the updated session ID, which was not
    previously used for an ENQ. GRS issues the abend130 as a
    consequence, ending the servant process.
    

Problem conclusion

  • Code changes were made to correctly update the session ID in
    the z/OS environment when using
    HttpServletRequest.changeSessionId().
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 9.0.0.11.  Please refer to the Recommended Updates
    page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH05579

  • Reported component name

    WEBSPHERE FOR Z

  • Reported component ID

    5655I3500

  • Reported release

    900

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-11-21

  • Closed date

    2019-01-31

  • Last modified date

    2019-03-18

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE FOR Z

  • Fixed component ID

    5655I3500

Applicable component levels

  • R900 PSY

       UP


Document Information

Modified date:
17 October 2021