User Portal Session Swapping When Apache Proxy 2.2.9 is in Use (Doc ID 1286937.1)

Last updated on MARCH 08, 2017

Applies to:

Portal - Version 10.1.4.2 and later
Information in this document applies to any platform.
***Checked for relevance on 24-Apr-2013***

Symptoms

When navigating in Portal, a user is able to see the data of another user thus exposing data that the user is not authorized to see.  Clicking on refresh, fixes the issue.  It appears that a user was given the session of another user and that user was able to view the screen of another user.

All suggested patches have been applied from this document:

460362.1 - Recommended Patches for Portal 10.1.4.x.

The setup includes an Apache proxy 2.2.9 in front of the Portal mid tiers.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms