PK19485; 6.0.2.7: Add option to disable storing cookies for all cache instances

Download

Abstract

By default, Dynacache stores cookies as part of the response unless configured otherwise on a per request basis in [<code>cachespec.xml</code>].

Download Description

PK19485 resolves the following problem:

ERROR DESCRIPTION
Accidentally enabling caching of cookies in the cachespec.xml for Websphere® commerce permitted WebSphere Commerce shoppers to see other shoppers' personal information.

LOCAL FIX
None.

PROBLEM SUMMARY

USERS AFFECTED
All users of WebSphere Application Server using the servlet caching feature.

PROBLEM DESCRIPTION
Dynacache stores cookies as part of the response by default unless configured otherwise on a per request basis in cachespec.xml. As a result, there is a risk of sharing cookies between users.

RECOMMENDATION
None

This apar provides ability to disable storing cookies globally on a per server basis via a custom property:
com.ibm.ws.cache.CacheConfig.disableStoreCookies

PROBLEM CONCLUSION
The fix for this APAR is currently targeted for inclusion in cumulative fix 5.1.1.10 and fixpack 6.0.2.9.

Please refer to the recommended updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Prerequisites

Please download the UpdateInstaller below to install this fix.

[{"PRLabel":"UpdateInstaller","PRLang":"US English","PRSize":"7250000","PRPlat":{"label":"AIX","code":"PF002"},"PRURL":"http://www.ibm.com/support/docview.wss?rs=180&uid=swg21205991"}]

Installation Instructions

Please review the readme.txt for detailed installation instructions.

[{"INLabel":"Readme","INLang":"US English","INSize":"5273","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PK19485/readme.txt"}]

Off

          [{"DNLabel":"PK19485_5119_eFix","DNDate":"03-13-2006","DNLang":"US English","DNSize":"28972","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PK19485/PK19485_5119_eFix.jar","DNURL_FTP":null,"DDURL":"http://public.dhe.ibm.com:7618;sw_websphere;appserv/support/fixes/PK19485/PK19485_5119_eFix.jar"},{"DNLabel":"6.0.2-WS-WAS-IFPK19485","DNDate":"03-13-2006","DNLang":"US English","DNSize":"51387","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PK19485/6.0.2-WS-WAS-IFPK19485.pak","DNURL_FTP":null,"DDURL":"http://public.dhe.ibm.com:7618;sw_websphere;appserv/support/fixes/PK19485/6.0.2-WS-WAS-IFPK19485.pak"}]
          

Technical Support

Contact IBM Support using SR (http://www-306.ibm.com/software/support/probsub.html), visit the WebSphere Application Server Support Web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV(U.S. only).

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Dynamic Cache","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"6.0.2.5;6.0.2.7","Edition":"Base;Express;Network Deployment","Line of Business":{"code":"LOB45","label":"Automation"}},{"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Java SDK","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Problems (APARS) fixed
PK19485

Was this topic helpful?

Document Information

Modified date:
15 June 2018

UID

swg24011833

Tips