IBM Support

JR45670: CMVC 226905 - A user is not allowed to log on to the same store from different channels.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • After a user logs on to a store, if the user logs on to the same
    store simultaneously from a different channel, such as REST API
    or another type of browser, the previous logon of the user will
    be terminated.
    

Local fix

Problem summary

  • USERS AFFECTED:
    Users who want to maintain session between store and REST
    services, or between different tools or devices.
    
    PROBLEM ABSTRACT:
    A user is not allowed to log on to the same store simultaneously
    from different channels.
    
    BUSINESS IMPACT:
    This prevents clients from having a seamless customer experience
    from
    multiple logon APIs, tools or devices.
    
    RECOMMENDATION:
    Because of sharing the same single session, this APAR has some
    limitations as shown in the "Problem conclusion" section.
    Beside this APAR, there is a new feature for multiple logon in
    fixpack 8. It is always recommended to upgrade to fixpack 8
    and use this new feature with less limitations instead of this
    APAR. Here is the description for this new feature in fixpack 8:
    http://pic.dhe.ibm.com/infocenter/wchelp/v7r0m0/topic/com.ibm.co
    mmerce.admin.doc/tasks/tsemultilogonsessions.htm
    

Problem conclusion

  • A customization point is provided to determine if simultaneous
    logon with reusing activity token is allowed. Clients can
    customize the following method of the task command
    SimultaneousLogonHelperCmd:
    
     /**
      * This method determines if reusing existing activity token
    for simultaneous
      * logons is allowed for the current logon. If this is allowed
    and there is
      * an existing token available for the user and store, the
    existing activity
      * token will be used for the current request.
      * @return If reusing existing activity for simultaneous logons
    is allowed.
      */
     public boolean isReusingActivityTokenAllowed();
    
    By default, this method returns false, so that when a user logs
    on to a store, old activities associated with the user and store
    will be terminated, and USERS.LASTSESSION will be updated in DB
    for the user.
    
    If this method returns true, the system will try to reuse an
    activity token that is existing for the user and store. And if
    an activity token is reused, USERS.LASTSESSION will not be
    updated for the current logon request.
    
    The considerations for customization might include the
    registration type and roles of the user, and the time elapsed
    since CTXMGMT.STARTTIME or USERS.LASTSESSION etc.
    
    The default implementation of the command which is
    SimultaneousLogonHelperCmdImpl provides protected methods for
    accessing the user ID and activity tokens.
    
    
    
    This solution cannot support the following scenarios:
    1. One user logs on to different stores front from different
    clients at the same time.
    2. One user logs on to admin UIs (CMC and Accelerator/Admin
    Console) and a store front from different clients at the same
    time.
    3. Simultaneous logon for these inbound services
    http://pic.dhe.ibm.com/infocenter/wchelp/v7r0m0/topic/com.ibm.co
    mmerce.webservices.doc/refs/rwvinbound.htm
    4. Simultaneous logon for Sales Center.
    5. RememberMe is not supported with this solution, meaning if
    remember me is selected at logon, the multiple logon feature
    will not work. That is, the subsequent logon may terminate the
    previous session.
    6. SSO (single sign on) is not supported with this solution.
    7. Since the solution is sharing the same single session for
    different logons, if the user logs off from one client, the
    single session will be terminated, which will force the
    termination of the other logons.
    

Temporary fix

Comments

APAR Information

  • APAR number

    JR45670

  • Reported component name

    WC BUS EDITION

  • Reported component ID

    5724I3800

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    YesSpecatt / New Function

  • Submitted date

    2013-02-07

  • Closed date

    2013-05-30

  • Last modified date

    2014-04-29

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WC BUS EDITION

  • Fixed component ID

    5724I3800

Applicable component levels

  • R700 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYSYL","label":"WebSphere Commerce Enterprise"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
29 April 2014