WebSphere Commerce Version 7.0.0.6WebSphere Commerce Version 7.0.0.7

Enabling interim fix JR47553

Interim fix JR47553 can be used to avoid logging invalid cookie exceptions that are caused by interim fix JR46386. If a shopper's browser uses old cookies that do not comply with the store's encryption method, an exception is caught in the SystemOut.log file. JR47553 provides a ValidateRequestCmd that you can customize to silently invalidate the old cookie and redirect to a logon page. By using this command, the invalid cookie exceptions are avoided in the log file.

Before you begin

  • WebSphere Commerce Version 7.0.0.6Install the cumulative interim fix for Fix Pack 6, JR53048.fp. JR47553 is included in the cumulative interim fix.
  • WebSphere Commerce Version 7.0.0.7Install the cumulative interim fix for JR53048.fp. JR47553 is included in the cumulative interim fix.
For information about how to install an interim fix, see

Procedure

  1. Extend the ValidateRequestCmdImpl command and define the code logic in the handleResult() method.

    In the handleResult() method, you can redirect the page to an error view, tell the shopper that there is an invalid cookie, and clear the incorrect cookie in that view. The following code is a sample for the handleResult() method.

    public HttpControllerRequestObject handleResult(HttpControllerRequestObject requestObject, HttpServletRequest request,
   TypedProperty requestProperties, Cookie cookie) {

   final String strMethodName = "handleResult";
   final boolean bTraceEnabled = isTraceEnabled();

   if (bTraceEnabled) {
     ECTrace.entry(ECTraceIdentifiers.COMPONENT_SERVER, getClass().getName(), strMethodName);
   }

   //Customization sample code
   cookie.setValue("DEL");

   requestObject.setRequestName("MyErrorCookieView");
   requestProperties.put(ECConstants.EC_URL, ECConstants.EC_COOKIE_ERROR_VIEW);

   Map iMap = requestProperties.toMap();
   request.setAttribute(ECConstants.EC_INPUT_PARAMVALUES, iMap);

   requestObject.setHttpRequest(request);

   ECTrace.trace(ECTraceIdentifiers.COMPONENT_SERVER, getClass().getName(), strMethodName,
   "Customize the request with the validation result of cookie");
   ECTrace.exit(
     ECTraceIdentifiers.COMPONENT_SERVER,
     getClass().getName(),
     strMethodName);
   return requestObject;
  }
  2. Update the error view JSP file to clean the invalid cookie at the beginning of a page load.
    Sample code in the error view JSP file to clean the invalid cookie at the beginning of page loading:
    
<%
   Cookie[] cookies = request.getCookies();
   for (int i = 0; cookies != null && i < cookies.length; i++) {
     Cookie cookie = cookies[i];
     if (cookie.getName().startsWith("WC_USERACTIVITY_")) {
       if (cookie.getValue().equals("DEL")){
         cookie.setMaxAge(0);
         cookie.setPath("/");
         response.addCookie(cookie);
     }
     break;
   }
   }
%>
  3. Besides the cookie, which name starts with 'WC_USERACTIVITY_', you also need to delete the cookie with names like WC_AUTHENTICATION_X by a similar approach.