IBM Support

PK00842: COOKIE EXPIRATION THROUGH SET-COOKIE HEADER IS NOT WORKING

Fixes are available

6.0.2: WebSphere Application Server V6.0 Refresh Pack 2 for AIX platforms
6.0.2: WebSphere Application Server V6.0 Refresh Pack 2 for HP-UX platforms
6.0.2: WebSphere Application Server V6.0 Refresh Pack 2 for Solaris platforms
6.0.2: WebSphere Application Server V6.0 Refresh Pack 2 for Windows platforms
6.0.2: WebSphere Application Server V6.0 Refresh Pack 2 for Linux platforms

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When trying to expire an existing session cookie, a user is
setting the Cookie MaxAge value to 0 seconds. However, when
the browser receives that Set-Cookie in the response, it is
not in a format that the browser recognizes as noting an
expiration time.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: All users of the Application Server.         *
****************************************************************
* PROBLEM DESCRIPTION: Attempts to expire cookies by setting   *
*                      Max-Age to 0 fail.                      *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When attempting to expire cookies by setting Max-Age to zero
in the outgoing Set-Cookie, the browser does not discard the
cookie and will send it back to the server.

    



Problem conclusion


    

  • For V0 cookies, a Max-Age of 0 should trigger an Expires value
of a very old date but was not. This has been fixed so that
the browser will now see the old date and will expire the
stored cookie.

This fix is targeted for inclusion in 6.0.0.3.
Please refer to the recommended updates page for delivery
information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PK00842
    • 

  • Reported component name
    WEBSPH APP SERV
    • 

  • Reported component ID
    5724J0800
    • 

  • Reported release
    60W
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2005-02-09
    • 

  • Closed date
    2005-02-15
    • 

  • Last modified date
    2005-02-15
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Modules/Macros


    

  • CHANNEL

    



Fix information


    



Applicable component levels


    

  • R60A  PSY
       UP
    • 

  • R60H  PSY
       UP
    • 

  • R60I  PSY
       UP
    • 

  • R60P  PSY
       UP
    • 

  • R60S  PSY
       UP
    • 

  • R60W  PSY
       UP
    • 

  • R60Z  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            18 October 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback