Fixes are available
9.0.0.11: WebSphere Application Server traditional V9.0 Fix Pack 11
9.0.5.0: WebSphere Application Server traditional Version 9.0.5 Refresh Pack
9.0.5.1: WebSphere Application Server traditional Version 9.0.5 Fix Pack 1
9.0.5.2: WebSphere Application Server traditional Version 9.0.5 Fix Pack 2
9.0.5.3: WebSphere Application Server traditional Version 9.0.5 Fix Pack 3
APAR status
Closed as program error.
Error description
Customer noted a servant ending unexpectedly with a GRS abend130 rc02350001: CEE3250C The system or user abend S130 R=02350001 was issued. From entry point bboossnq(BBOOSSNQ_Functions,...) at compile unit offset +0000000036CB40BA at entry offset -00000000001FA1 -- Dump analysis showed that the error occurs during DEQ of a resource named majorname:SYSZBBO minorname: ASCII string '<cluster.server>sessionId' which is used by the zWAS session code to establish affinity of a session to a specific zWAS servant for routing purposes. Further trace analysis shows that the error occurs after application or framework code calls the method javax/servlet/http/HttpServletRequestWrapper.changeSessionId(Htt pServletRequestWrapper which is new with V9. The update to session ID completes normally, but at some later point when the session is invalidated, a call is made to DEQ the resource using the minor name for the updated sessionID, which was not previously used for an ENQ. GRS issues the abend130 as a consequence, ending the servant process. In this specific case, the update session call was made from the Spring framework code: -- org/springframework/security/web/authentication/session/ChangeSe ssionIdAuthenticationStrategy.applySessionFixation(ChangeSession IdAuthenticationStrategy.java:55) -- but the problem can be exposed by any caller. The following Java switch can be set as an additional argument to the JVM in the servant to externalize the caller, in case this is of interest: -- -Xtrace:trigger=method{com/ibm/ws/webcontainer/srt/SRTServletReq uest.changeSessionId*,javadump} -- this will create a javacore when the call is made, from which the caller can be identified. The code will be updated to register updated (new) session on z/OS.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: IBM WebSphere Application Server Version * * 9.0 customers for zOS * **************************************************************** * PROBLEM DESCRIPTION: HttpServletRequest.changeSessionId() * * method may cause GRS issues abend130 * * during invalidation * **************************************************************** * RECOMMENDATION: * **************************************************************** In the zOS environment, HttpServletRequest.changeSessionId() completed normally, but at some later point when the session is invalidated, a call is made to DEQ the resource using the minor name for the updated session ID, which was not previously used for an ENQ. GRS issues the abend130 as a consequence, ending the servant process.
Problem conclusion
Code changes were made to correctly update the session ID in the zOS environment when using HttpServletRequest.changeSessionId(). The fix for this APAR is currently targeted for inclusion in fix pack 9.0.0.11. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PH05579
Reported component name
WEBSPHERE FOR Z
Reported component ID
5655I3500
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-11-21
Closed date
2019-01-31
Last modified date
2019-03-18
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE FOR Z
Fixed component ID
5655I3500
Applicable component levels
R900 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"900","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
17 October 2021