Download
Abstract
By default, Dynacache stores cookies as part of the response unless configured otherwise on a per request basis in [<code>cachespec.xml</code>].
Download Description
PK19485 resolves the following problem:
ERROR DESCRIPTION
Accidentally enabling caching of cookies in the cachespec.xml
for Websphere® commerce permitted WebSphere Commerce shoppers to see other shoppers' personal information.
LOCAL FIX
None.
PROBLEM SUMMARY
USERS AFFECTED
All users of WebSphere Application Server using the servlet caching feature.
PROBLEM DESCRIPTION
Dynacache stores cookies as part of the response by default unless configured otherwise on a per request basis in cachespec.xml
. As a result, there is a risk of sharing cookies between users.
RECOMMENDATION
None
This apar provides ability to disable storing cookies globally on a per server basis via a custom property:
com.ibm.ws.cache.CacheConfig.disableStoreCookies
PROBLEM CONCLUSION
The fix for this APAR is currently targeted for inclusion in cumulative fix 5.1.1.10 and fixpack 6.0.2.9.
Please refer to the recommended updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Prerequisites
Please download the UpdateInstaller below to install this fix.
Installation Instructions
Please review the readme.txt for detailed installation instructions.
Technical Support
Contact IBM Support using SR (http://www-306.ibm.com/software/support/probsub.html), visit the WebSphere Application Server Support Web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV(U.S. only).
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg24011833