                WebSphere Application Server APAR # PQ46762

     
  WebSphere Release: 3.5.2/3.5.3

  Abstract:  This apar replaces PQ40815, PQ42166 and PQ44646 by including the following:
  
             New Fixes are
	      - Session id generation is more random
	      - Fixes null pointer exceptions in invalidation path
	      - Fixes DB2 out of handles exceptions in invalidation path
	      - Makes authorization association with session configurable using system property
	      - Fixes creation of multiple session contexts for same webapp under stress start.
              
             Fixes included from earlier APARS are:
              - Deadlocks with multi-row and cache on for persistent sessions.(PQ40815)
              - Removal of select for update (PQ42166)
              - Proactive cleanup of cache (PQ42166)
              - Fixes for manual update null ptr's and deadlocks (PQ42166)
              - Serializing of invalid threads (PQ42166)
              - Database schema change that now allows the "property name" (PQ42166)
                (e.g.  putValue ("propertyname", propertyValue) to be up to
                64 characters long.  Also, a Web Application name of up to 
                64 characters is also now supported. 
              - Oracle OCI workaround (PQ42166)
              - Oracle  out of cursors fixed (PQ42166)
              - getValueNames() throws ClassCastException when remove is called in 
                same request(PQ44646)
              - Closes preparedstatements on exceptions(PQ44646)
              - added better cleanup of database resources when java exceptions 
                occur during http session processing(PQ44646)
              - better tolerance for ClassNotFoundExceptions with http session 
                persistence (minimize impact to other operations) (PQ44646)
              - fixed problems with invalid cache entries and IllegalStateExceptions  
                when cleaning up the http session cache on the invalidator thread (PQ44646)
              - fixed synchronization problem with calls to sync() when manual 
                update is configured (lead to timing bugs and intermittant exceptions)(PQ44646)              
             
              
  Please also review the Http Session Best Practices Guide included in this
  package.
              
**********************VERY IMPORTANT NOTE**********************************
THE SESSIONS DATABASE TABLE MUST BE DROPPED BEFORE THIS EFIX IS APPLIED!!!!
***************************************************************************

 Installation:

1. Copy PQ46762-352-0313.jar to a directory, such as WebSphere\AppServer\efix
   
2. Add the directory/jar file to the beginning of the admin server's classpath
   in WebSphere\AppServer\bin\admin.config :

 com.ibm.ejs.sm.adminserver.classpath=C:/WebSphere/AppServer/efix/PQ46762-352-0313.jar;C:/WebSphere....

3. Restart the WebSphere Application Server.


TO TURN OFF THE AUTHORIZATION ID ASSOCIATION WITH HTTPSESSION:
	On Command line arguments of Application Server instance, specify system property HttpSessionSecurity=false and apply the changes and then start the Server instance. For
example, in Administrative Console, Select "Default Server",and in Command line arguments
specify  
     -DHttpSessionSecurity=false