IBM Support

PM97534: THE LTPATOKEN2 COOKIE DOES NOT HAVE HTTPONLY FLAG WHEN USER IS LOGGED OUT


APAR status

  • Closed as program error.

Error description

  • The LtpaToken2 cookie does not have the HTTPOnly flag when the
    user is logged out on WAS v8.5. In the Liberty profile, it does
    have the HTTPOnly flag when the user is logged out.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server                                      *
    ****************************************************************
    * PROBLEM DESCRIPTION: When LTPAToken or LTPAToken2 cookie     *
    *                      is removed, HttpOnly flag is not set    *
    *                      even if it was set when these cookies   *
    *                      were created.                           *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Due to a code defect, when cookies are being removed, the
    HttpOnly flag is not set even though it needs to be.
    Although this does not prevent removing these cookies from
    browsers, it needs to be set properly for consistency.
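
A check for the behaviour described above, as an added example that is not IBM's code: it inspects the Set-Cookie headers of a logout response and reports LTPA removal cookies sent without HttpOnly. The header strings are constructed samples and the function names are assumptions of this example.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

LTPA_NAMES = {"ltpatoken", "ltpatoken2"}  # cookie names from the APAR, lowercased

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def is_removal(value, attrs, now=None):
    """A cookie is being removed if Max-Age <= 0 or Expires is in the past."""
    now = now or datetime.now(timezone.utc)
    try:
        if int(attrs["max-age"]) <= 0:
            return True
    except (KeyError, ValueError):
        pass  # no Max-Age, or not a number: fall through to Expires
    if "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return not value  # unparseable date: fall back to the empty-value hint
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return expires <= now
    return False

def removals_missing_httponly(set_cookie_headers):
    """Names of LTPA removal cookies sent without the HttpOnly attribute."""
    missing = []
    for header in set_cookie_headers:
        name, value, attrs = parse_set_cookie(header)
        if name.lower() in LTPA_NAMES and is_removal(value, attrs) and "httponly" not in attrs:
            missing.append(name)
    return missing

# Constructed sample headers (not captured from a real server).
LOGOUT_DEFECT = ["LtpaToken2=; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/; Secure",
                 "JSESSIONID=0000example; Path=/; HttpOnly"]
LOGOUT_FIXED = ["LtpaToken2=; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/; Secure; HttpOnly"]

if __name__ == "__main__":
    print("defect:", removals_missing_httponly(LOGOUT_DEFECT))
    print("fixed: ", removals_missing_httponly(LOGOUT_FIXED))
```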
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PM97534

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-09-20

  • Closed date

    2013-09-27

  • Last modified date

    2013-10-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R850 PSY

       UP


Document Information

Modified date:
12 January 2022