APAR status
Closed as program error.
Error description
HTTP channel custom property DoNotAllowDuplicateSetCookies=true is not preventing multiple Set-Cookie headers from being created.
Local fix
Possible workaround may be to enable the SameSite cookie attribute.
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server * * using the httpchannel custom property * * "DoNotAllowDuplicateSetCookies". * **************************************************************** * PROBLEM DESCRIPTION: Http Channel custom property * * DONOTALLOWDUPLICATESETCOOKIES=true is * * not * * perventing multiple Set-Cookie headers * * from being sent * **************************************************************** * RECOMMENDATION: * **************************************************************** Httpchannel custom property DoNotAllowDuplicateSetCookies=true is not perventing duplicate Set-Cookie header cookies from being sent in an http response.
Problem conclusion
The httpchannel custom property DoNotAllowDuplicateSetCookies=true will prevent duplicate Set-Cookie header cookies from being sent in an http response. Open Liberty PR: https://github.com/OpenLiberty/open-liberty/pull/24082 The fix for this APAR is targeted for inclusion in fix pack 9.0.5.15, 8.5.5.24, Liberty 23.0.0.2. For more information, see 'Recommended Updates for WebSphere Application Server': https://www.ibm.com/support/pages/node/715553
Temporary fix
Enabling samesite may be a temporary workaround.
Comments
APAR Information
APAR number
PH52167
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-01-26
Closed date
2023-01-30
Last modified date
2023-01-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
31 January 2023