IBM Support

PI17266: NULLPOINTEREXCEPTION MIGHT OCCUR WHEN USER LOGOUT OF AN EXPIRED SESSION

A fix is available

Download for IBM Worklight V6.1.0 Fix Pack 2

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • NullPointerException might occur if user is using servlet 3.0 on
WebSphere Application Server and attempts to logout of an
expired session.  This may cause
the Lightweight Third-Party Authentication (LTPA) token not to
be invalidated.

Local fix

  • Add <parameter name="ltpa-force-global-logout" value="true" />
to the authenticationConfig.xml.  This property exists in
IBM Worklight 6.1.0.1 and later.

Problem summary

  • ****************************************************************
* USERS AFFECTED:                                              *
* Worklight Administrators using Lightweight Third-Party       *
* Authentication (LTPA) based authentication                   *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* When a user's session times out and a logout request is      *
* made, the logout may not occur when using the LTPA login     *
* module. As a result, the LTPA token cookie may not be reset, *
* and the user will remain logged in. This also exposed a      *
* behavior where a null pointer exception would be logged.     *
****************************************************************
* RECOMMENDATION:                                              *
* -                                                            *
****************************************************************

Problem conclusion

  • The logout logic for the LTPA login module was modified to
always be triggered when the LTPA realm was requested, even if
the user was logged in during the session. Also, the null
pointer exception was fixed due to a missing check.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PI17266
    • 

  • Reported component name
    WORKLIGHT CONSU
    • 

  • Reported component ID
    5725I4301
    • 

  • Reported release
    610
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2014-05-02
    • 

  • Closed date
    2014-05-16
    • 

  • Last modified date
    2014-05-16
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    WORKLIGHT CONSU
    • 

  • Fixed component ID
    5725I4301
    • 



Applicable component levels


    

  • R610  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSZH4A","label":"IBM Worklight"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            17 October 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback