IBM Support

PM52245: AN UNAUTHORIZEDSESSIONREQUESTEXCEPTION IS THROWN FROM THE FORMLOGINEXTENSIONPROCESSOR AFTER A SUCCESSFUL LOGIN

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • [com.ibm.websphere.servlet.session.UnauthorizedSessionRequestExc
    eption:
    SESN0008E: A user authenticated as anonymous has attempted to
    access a
    session owned by
    user:defaultWIMFileBasedRealm/uid=JazzAdmins,o=defaultWIMFileBas
    edRealm.
    794  at
    com.ibm.ws.session.SessionContext.checkSecurity(SessionContext.j
    ava:1298
    )
    795  at
    com.ibm.ws.session.SessionContext.getIHttpSession(SessionContext
    .java:50
    7)
    796  at
    com.ibm.ws.session.SessionContext.getIHttpSession(SessionContext
    .java:42
    0)
    797  at
    com.ibm.ws.webcontainer.srt.SRTRequestContext.getSession(SRTRequ
    estConte
    xt.java:104)
    798  at
    com.ibm.ws.webcontainer.srt.SRTRequestContext.isRequestedSession
    IdValid(
    SRTRequestContext.java:74)
    799  at
    com.ibm.ws.webcontainer.srt.SRTServletRequest.isRequestedSession
    IdValid(
    SRTServletRequest.java:2149)
    800  at
    com.ibm.ws.security.web.FormLoginExtensionProcessor.formLogin(Fo
    rmLoginE
    xtensionProcessor.java:244)
    801  at
    com.ibm.ws.security.web.FormLoginExtensionProcessor.formLogin(Fo
    rmLoginE
    xtensionProcessor.java:223)
    802  at
    com.ibm.ws.security.web.FormLoginExtensionProcessor.handleReques
    t(FormLo
    ginExtensionProcessor.java:201)
    

Local fix

  • n/a
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server                                      *
    ****************************************************************
    * PROBLEM DESCRIPTION: SESN0008E error is logged during form   *
    *                      login process                           *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Due to code defect, a codepath which determines whether HTTP
    session is valid, is invoked even it is not required. As a
    result, SESN0008E error was logged if HTTP session is not
    valid.
    

Problem conclusion

  • With this fix, the code no longer invokes HTTP session
    validation code unless it is required.
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 8.0.0.2.  Please refer to the Recommended Updates
    page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM52245

  • Reported component name

    WEBSPHERE APP S

  • Reported component ID

    5724J0800

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2011-11-14

  • Closed date

    2011-11-28

  • Last modified date

    2011-12-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE APP S

  • Fixed component ID

    5724J0800

Applicable component levels

  • R800 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
28 October 2021