Users are facing issues with unexpected logoff with Web Viewer 14.0
Article ID: 412720
Updated On:
Products
Issue/Introduction
We are observing that some users are facing issues with unexpected logoff.
This problem affect only external users, trying to connect outside the companies' intranet.
On some systems updating server.env with WV_SECURITY_SESSION_IPBOUND=false solved issue.
This weekend similar changes was implemented on four new systems but that solution failed. Users still complain for unexpected logoffs.
I compared lpars setup where IPBOUND worked with those where does not, and I've found few defenses.
On working lpars WV_SECURITY_SESSION_IPBOUND=false, word “false “ is lowercase, and non-working lpars the parameter is in uppercase : WV_SECURITY_SESSION_IPBOUND=FALSE
Environment
- IBM WebSphere Liberty Server
- Output Management Web Viewer™ for z/OS
Cause
Parameter specification is case sensitive
Resolution
From the documentation:
Set the IP Address Rule for a WebSphere Liberty Server
The following example shows how to set the IP Address Rule in the WebSphere Liberty server server.env file:
WV_SECURITY_SESSION_IPBOUND=true
So the value must be is in lower case.
When the "FALSE" value was changed to lowercase for all affected lpars and that resolved the issue.
Additional Information
If the value is specified correctly, WV_SECURITY_SESSION_IPBOUND=false for example, the following informational message is produced in the log:
CAHVS0029I Configuration option security.session.ipbound set by environment variable WV_SECURITY_SESSION_IPBOUND to false
If the value is specified incorrectly, WV_SECURITY_SESSION_IPBOUND=FALSE for example, the following warning message is produced in the log:
CAHVS0030W The WV_SECURITY_SESSION_IPBOUND configuration value 'FALSE' is invalid (must be one of the following values: true,false). Default value true used instead.
And the default value of true will be used
Feedback
