Skip to Main Content
Forums

Java SE (Java Platform, Standard Edition)

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Applet altering value of JSESSIONID cookie in Java 6 Update 29

895541Oct 20 2011 — edited Nov 14 2011
After upgrading to Java 6 Update 29 (1.6.0_29) we started to encounter problems with users loosing their session in our web application once the user navigated to a page that contained an applet. The applet communicates with our server. We have traced the issue to a new value being set for the JSESSIONID cookie. This happens shortly after the applet loads. We also observed the same behavior when using the java.com website and its 'Verify Java Version' applet. (http://java.com/en/download/installed.jsp).

When using a previous version of Java (such as Update 22 or 27) we do NOT see this JSESSIONID altering issue. Downgrading the Java client version is our only known workaround.

Has anyone else experienced similar behavior since using update 29? Is this a new security feature or fix that was introduced in update 29?

We've also seen the following stack traces thrown in the client-side Java Console. Still trying to determine if they are more of a side effect or the root cause.

java.security.AccessControlException: access denied (com.sun.deploy.security.SecureCookiePermission origin.https://172.xxx.xxx.xxx:8443)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
.....

java.io.IOException: Not in GZIP format
at java.util.zip.GZIPInputStream.readHeader(Unknown Source)
at java.util.zip.GZIPInputStream.<init>(Unknown Source)
at java.util.zip.GZIPInputStream.<init>(Unknown Source)
....

Comments

BWB

Have a very similar situation, with similar source and target DB versions. Were you able to resolve this issue?

Dezsoe Kados

No, I could not resolve the issue (20.4.1.407 does not solve it either so far I can tell)

BWB

Thanks for the quick update Dezsoe. I have other tools I can use for this comparison, but was trying to make use of tools provided by the client I am supporting.

thatJeffSmith-Oracle

can you reproduce this issue if you say...

create user abc121 ...
connect abc123/...
create or replace package do_nothing....
/

then
create user abc19c ...
connect abc19c/...
create or replace package do_nothing....
/

open Compare wizard, with a connection created for both abc123 and abc19c, compare packages - does the error come up?
In other words, I need a test case.
Jeff

BWB

Jeff, have not done extensive testing, just hit on this error the 1st object attempted to compare, and the scenario is this.
This worked:
2 Oracle EBS Instances, both running on 12.1.0.2.0, and connecting to both instances as apps. Compare a database package body (ottomint.pkb), and successfully see the results.
What did not work:
Source Oracle EBS Instance running on 12.1.0.2.0, and destination connection is on Oracle EBS 19.0.0.0.0. Again connecting to both instances as apps.
When attempting to compare the same DB object (ottomint.pkb) as described above, receive:

Unable to compare objects.
Ensure that you have the required permissions.
You must own the objects or have select_catalog_role.

I can open this object with the APPS user. As another test, used a different package POR_CUSTOM_PKG, and it worked as expected. Other item to note, there is only 1 difference in the package that did not work between the 2 instances, which is just the version. All code lines match.
/* $Header: ottomint.pkb 120.43.12010000.28 2017/11/20 05:21:54 ramsanth ship $ */
/* $Header: ottomint.pkb 120.58.12020000.16 2017/12/17 10:17:19 ramsanth ship $ */

thatJeffSmith-Oracle

So you're looing in as APPS in both databases for the compare? If so, sounds like a bug.

BWB

Yes, APPS in both instances.

thatJeffSmith-Oracle

if you have access to My Oracle Support, please file an SR. Be sure to tell them we think it may be APPS/eBiz specific.

user4484241

I have the same problem
Database diff or cart diff for one package only gives the error:
Unable to compare objects.
Ensure that you have the required permissions.
You must own the objects or have select_catalog_role.
Both databases same 19.5 version

Anton Kryventsev

I' ve got such error for only the tables which have xmltype column.

user4381682

This error seems to happen whenever a package contains this sequence:
?>
Database 19c Standard Edition 2 Release 19.0.0.0.0
SQL Developer 21.4.1.349

User_ZCI9U

Have faced the same Issue. Yes user4381682 is right. This happens when we have xml sample as part of the code. Even if the xml sample is commented, this error comes. Remove all reference to ?> .it should work.

user_2DKLA

Also detailed in this comment in a parallel thread.
Regards,

[Edited on 21 Feb, 2023: fixed the above link for the new Forums software.]

kgamble

I am seeing this in SQLDeveloper Version 22.2.1.234.

Its not feasible to remove ?> from all the code.

Is there a solution to this bug?

thatJeffSmith-Oracle

I'm not sure the bug has ever been logged, as no one opened an SR with a test case as requested in 2021.

1 - 15
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Dec 12 2011
Added on Oct 20 2011
#access, #applet, #code, #control, #exception, #java, #java-applet-development, #security, #session, #update, #user
21 comments
4,865 views