IBM Support

JR45670: CMVC 226905 - A user is not allowed to log on to the same store from different channels.

Direct links to fixes

7.0.0-WS-WCServer-FP009
WebSphere Commerce Version 7.0.0.8 Fix Pack
WebSphere Commerce Version 7.0.0.9 Fix Pack

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • After a user logs on to a store, if the user logs on to the same
store simultaneously from a different channel, such as REST API
or another type of browser, the previous logon of the user will
be terminated.

Local fix

  • 



Problem summary


    

  • USERS AFFECTED:
Users who want to maintain session between store and REST
services, or between different tools or devices.

PROBLEM ABSTRACT:
A user is not allowed to log on to the same store simultaneously
from different channels.

BUSINESS IMPACT:
This prevents clients from having a seamless customer experience
from
multiple logon APIs, tools or devices.

RECOMMENDATION:
Because of sharing the same single session, this APAR has some
limitations as shown in the "Problem conclusion" section.
Beside this APAR, there is a new feature for multiple logon in
fixpack 8. It is always recommended to upgrade to fixpack 8
and use this new feature with less limitations instead of this
APAR. Here is the description for this new feature in fixpack 8:
http://pic.dhe.ibm.com/infocenter/wchelp/v7r0m0/topic/com.ibm.co
mmerce.admin.doc/tasks/tsemultilogonsessions.htm

    



Problem conclusion


    

  • A customization point is provided to determine if simultaneous
logon with reusing activity token is allowed. Clients can
customize the following method of the task command
SimultaneousLogonHelperCmd:

 /**
  * This method determines if reusing existing activity token
for simultaneous
  * logons is allowed for the current logon. If this is allowed
and there is
  * an existing token available for the user and store, the
existing activity
  * token will be used for the current request.
  * @return If reusing existing activity for simultaneous logons
is allowed.
  */
 public boolean isReusingActivityTokenAllowed();

By default, this method returns false, so that when a user logs
on to a store, old activities associated with the user and store
will be terminated, and USERS.LASTSESSION will be updated in DB
for the user.

If this method returns true, the system will try to reuse an
activity token that is existing for the user and store. And if
an activity token is reused, USERS.LASTSESSION will not be
updated for the current logon request.

The considerations for customization might include the
registration type and roles of the user, and the time elapsed
since CTXMGMT.STARTTIME or USERS.LASTSESSION etc.

The default implementation of the command which is
SimultaneousLogonHelperCmdImpl provides protected methods for
accessing the user ID and activity tokens.



This solution cannot support the following scenarios:
1. One user logs on to different stores front from different
clients at the same time.
2. One user logs on to admin UIs (CMC and Accelerator/Admin
Console) and a store front from different clients at the same
time.
3. Simultaneous logon for these inbound services
http://pic.dhe.ibm.com/infocenter/wchelp/v7r0m0/topic/com.ibm.co
mmerce.webservices.doc/refs/rwvinbound.htm
4. Simultaneous logon for Sales Center.
5. RememberMe is not supported with this solution, meaning if
remember me is selected at logon, the multiple logon feature
will not work. That is, the subsequent logon may terminate the
previous session.
6. SSO (single sign on) is not supported with this solution.
7. Since the solution is sharing the same single session for
different logons, if the user logs off from one client, the
single session will be terminated, which will force the
termination of the other logons.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    JR45670
    • 

  • Reported component name
    WC BUS EDITION
    • 

  • Reported component ID
    5724I3800
    • 

  • Reported release
    700
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    YesSpecatt / New Function
    • 

  • Submitted date
    2013-02-07
    • 

  • Closed date
    2013-05-30
    • 

  • Last modified date
    2014-04-29
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    WC BUS EDITION
    • 

  • Fixed component ID
    5724I3800
    • 



Applicable component levels


    

  • R700  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYSYL","label":"WebSphere Commerce Enterprise"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0","Edition":"","Line of Business":{"code":"","label":""}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            29 April 2014
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback