IBM Support

PM19405: WASREQURL WRONG WHEN PAGES RENDER SLOWLY

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When a user opens two browser windows and has two authenticated
    Portal sessions, rendering a page in one window while logging
    out in the second window can lead to the WasReqURL cookie being
    wrong. That is, the WasReqURL cookie will point to the first
    resource that is requested without a valid security context (as
    the logout in the second window has already been processed).
    When the same user tried to login again with second window, the
    login process believes the WasReqURL cookie to point a Portal
    page that the user wants to visit, when in fact it is just a
    resource (e.g. an image) that was requested from the first
    window. Rather than landing on a proper Portal page, the user
    is redirected to that resource.
    
    In more common use case scenarios, the effect observed will be
    the end user will be redirected and see a Web Content Management
    (WCM) image after login, rather than the expected / default
    Portal landing page.
    

Local fix

  • None available.
    

Problem summary

  • When a user opens two browser windows and has two
    authenticated Portal sessions, rendering a page in one window
    while logging out in the second window can lead to the WasReqURL
    cookie being wrong. That is, the WasReqURL cookie will point to
    the first resource that is requested without a valid security
    context (as the logout in the second window has already been
    processed). When the same user tried to login again with second
    window, the login process believes the WasReqURL cookie to point
    a Portal page that the user wants to visit, when in fact it is
    just a resource (e.g. an image) that was requested from the
    first window. Rather than landing on a proper Portal page, the
    user is redirected to that resource.
    

Problem conclusion

  • This APAR introduces a login filter that can be enabled and
    configured to validate the WasReqURL cookie. In the WAS Admin
    Console, add the following custom property to the resource
    environment provider "WP Authentication Service":
    
    login.explicit.filterchain=com.ibm.wps.auth.impl.ValidateRedirec
    tLoginFilter
    
    You can determine which redirect URLs should be considered as
    "invalid" and should be replaced by a default redirect URL by
    setting the following additional property:
    
    filterchain.properties.com.ibm.wps.auth.impl.ValidateRedirectLog
    inFilter.blacklist.pattern=<regexp>
    
    where "regexp" will be interpreted as a regular expression (see
    java.util.regex.Pattern) and compared to redirect URL
    (case-insensitive). If, for example, all redirect URLs that end
    with *.* should be considered as invalid, the following pattern
    can be used: .*/[^/]*[.]+[^/]*
    
    If the current redirect URL matches the specified pattern, then
    this redirect URL will be replaced by "/wps/myportal". A
    different redirect URL can be configured with property:
    
    filterchain.properties.com.ibm.wps.auth.impl.ValidateRedirectLog
    inFilter.redirect.url
    
    Failing Module(s):
       Authorization/Authentication (login/logout)
    
    Affected Users:
       All users
    
    Version Information:
       Portal Version(s): 6.1.0.3, 6.1.0.4
        Pre-Requisite(s): ---
         Co-Requisite(s): ---
    
    Manuel Steps:
       None
    
    Platform Specific:
       This fix applies to all platforms.
    
    
    PM19405 is part of Cumulative Fix 07 for Portal 6.1.0.3 /
    6.1.5.0:
    http://www.ibm.com/eserver/support/fixes/fixcentral/swgquickorde
    r?apar=PM18585&productid=WebSphere%20Portal&brandid=5
    
    and also part of Cumulative Fix 07 for Portal 6.1.0.4 / 6.1.5.1:
    http://www.ibm.com/eserver/support/fixes/fixcentral/swgquickorde
    r?apar=PM18610&productid=WebSphere%20Portal&brandid=5
    
    You may need to type or paste the complete address into your Web
    browser.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM19405

  • Reported component name

    WEBSPHERE PORTA

  • Reported component ID

    5724E7600

  • Reported release

    615

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2010-07-29

  • Closed date

    2010-08-31

  • Last modified date

    2010-09-27

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE PORTA

  • Fixed component ID

    5724E7600

Applicable component levels

  • R615 PSY

       UP

  • R61C PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSHRKX","label":"WebSphere Portal"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1.5","Line of Business":{"code":"LOB31","label":"WCE Watson Marketing and Commerce"}}]

Document Information

Modified date:
21 December 2021