The digest calculation in the Portal "contenthandler" service can render content URL caching ineffective in Apache if various services such as WebSEAL (LTPA junctions) or Google Analytics insert cookies in the request stream. This blog entry will present a method to deal Apache caching in the presence of these cookies.
WebSphere Portal now relies heavily on the the "contenthandler" component to address and render portal resource requests. When you render a Portal page, many requests with a request URL beginning "/wps/contenthandler" or "/wps/mycontenthandler" are generated. These typically (but not necessarily ) are resources required by the Portal theme.
However, the contenthandler service inserts a "digest" calculation in the response to insure that if and when contenthandler responses should be unique to a user, that these responses have different response URLs. That way, URL caching services like Apache mod_disk_cache or Akamai return the correct response for an individual user. Some services, such as WebSEAL with the "LTPA junction" type, insert cookies into the request headers that erroneously force uniqueness on the Portal contenthandler responses unless appropriately dealt with.
WebSEAL LTPA Junctions
Once authenticated to WebSEAL, WebSEAL does a SetCookie to the user's browser for a cookie name that begins with "PD_STATEFUL", for example "PD_STATEFUL_00bcef52-0c5a-11e4-98a1-a224e2a50102=%2Fwasapp". When a request comes to WebSEAL with the cookie that identifies the user associated with this request to WebSEAL, WebSEAL can insert an LTPA token on the request before it gets to Portal.
WebSphere Portal Digest Calculations
Be default, Portal will calculate a "digest" for all contenthandler requests. The result of this calculation can be found in the Portal responses. Here is an example response URL to a content handler request:
In this URL, the section after "digest!" is the calculated digest by Portal for this URL. By default, the digest calculation by Portal will exclude several cookie. This is controlled by settings in the "WP_ConfigService" resource environment provider in the WebSphere Application Server hosting Portal. The setting name is "cookie.ignore.regex". As you can guess from the name, this is a Java regex that will exclude all the cookies specified.
By default, the exclusion list is "LTPA, LTPA2 and JSESSIONID". These cookies specify the SSO ID and session IDs of this user. To exclude other cookies from the digest calculation, append them to these cookies in the WP_ConfigService resource environment provider. So, to exclude the WebSEAL PD_STATEFUL cookies add the following name/value pair to WP_ConfigService:
Notice this this is just a regular expression containing cookie names. Because the WebSEAL cookie name can have a suffix, I have used a regex for "all characters" which is ".*".