IBM Support

PI43772: PERSISTENT BROWSER SESSIONS ARE ONLY POSSIBLE IF CREDENTIALS IN REST URIS ARE ALLOWED

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • If the IBM Rational ClearQuest (CQ) Web Site Administration
    setting "Allow credentials in REST URIs" is not checked then
    users are required to log in each time they access a CQ record
    from a different tab in the browser.
    
    In the past (with older CQ versions that did not have the
    possibility to forbid autologin URL's) the user were able to
    open multiple CQ records by only logging in once.
    

Local fix

  • Security risk if enabled:
    Due to this defect, to be able to have sessions persisting
    between browser tabs CQ admins need to allow credentials in the
    REST (REpresentational State Transfer) URI's but this workaround
    may not be desired.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * ClearQuest Web                                               *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * ClearQuest Web sessions cannot be reused in REST URIs.  If   *
    * the ClearQuest Web Site Administration setting "Allow        *
    * credentials in REST URIs" is not checked, users are required *
    * to log in each time they access a CQ record from a different *
    * tab in the browser.                                          *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    

Problem conclusion

  • A fix is available in ClearQuest 8.0.0.16 and 8.0.1.9.
    A security option in Site Configuration is now available for
    ClearQuest Web administrators so they can configure CQ web
    sessions to be reusabled.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI43772

  • Reported component name

    CLEARQUEST WIN

  • Reported component ID

    5724G3600

  • Reported release

    801

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2015-06-25

  • Closed date

    2015-09-22

  • Last modified date

    2015-09-22

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    CLEARQUEST WIN

  • Fixed component ID

    5724G3600

Applicable component levels

  • R801 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSSH5A","label":"Rational ClearQuest"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"801","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
14 October 2021