APAR status
Closed as program error.
Error description
Multiple Business Process Manager applications can share the same HTTP session ID (JESSIONID). When the HTTP session for one application is invalidated, the HTTP sessions for the other applications are invalidated. From the point of view of an end user using a Business Process Manager interface such as Process Portal, interdependencies between applications in relation to session invalidation can lead to continuity issues. This is a potential cause of a "You have been automatically logged out for security reasons..." message. If the WLE.*=all trace is enabled, the following message will be written to the trace just before invalidating all HTTP sessions that share the same HTTP session ID. [5/10/13 9:46:37:783 EDT] 00000008 wle_servlet 1 com.lombardisoftware.core.util.InvalidateSessionListener sessionDestroyed Invalidating all sessions on sessionDestroyed for user, session ID=GjnvHJKjlK7Q_AL7WrLKrpr"
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of BPM Express, BPM Standard, and * * BPM Advanced. * **************************************************************** * PROBLEM DESCRIPTION: HTTP session invalidation for one * * Business Process Manager application * * leads to HTTP session invalidation * * for other Business Process Manager * * applications that share the same HTTP * * session ID (JESSIONID). * **************************************************************** * RECOMMENDATION: * **************************************************************** Logic to link HTTP session invalidation for multiple Business Process Manager applications was not necessary based on other changes made in Business Process Manager version 8.0.1.
Problem conclusion
HTTP session invalidation listener code was modified so that invalidation of an HTTP session for one Business Process Manager application will not lead to HTTP session invalidation for other applications. Interim fixes for JR46647 on Business Process Manager versions 8.0.1.0 and 8.0.1.1 are available from Fix Central. Fix application instructions are also available when obtaining the interim fix from Fix Central.
Temporary fix
Comments
APAR Information
APAR number
JR46647
Reported component name
BPM ADVANCED
Reported component ID
5725C9400
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-05-13
Closed date
2013-07-30
Last modified date
2013-12-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
BPM ADVANCED
Fixed component ID
5725C9400
Applicable component levels
R800 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSFTN5","label":"IBM Business Process Manager Advanced"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
08 January 2022