My Oracle Support Banner

Sending In An Invalidated Session Token With Session Type = Stateless Causes Creation Of 5 EAI Tasks In Running State (Doc ID 2780797.1)

Last updated on JUNE 05, 2021

Applies to:

Siebel CRM - Version 17.0 [IP2017] to 21.5 [Release V17]
Information in this document applies to any platform.

Symptoms

SessionTokens are invalidated when an inbound web service request is sent into Siebel with SessionType = None and the SessionToken value, such as the following:

<SessionType xmlns="http://siebel.com/webservices">None</SessionType>
<siebel-header:SessionToken xmlns:siebel-header="http://siebel.com/webservices">SESSION_TOKEN_VALUE</siebel-header:SessionToken>

This type of request will instruct Siebel to close the EAI task (stop the task and close out the session) as well as mark the SessionToken value as invalidated, no longer valid, no longer to be recognized nor used by the Siebel application.


Please refer to the documentation for information about closing an EAI Session:

https://docs.oracle.com/cd/F26413_14/books/EAI2/web-services.html#c_Combinations_of_Session_Types_and_Authentication_Types_ahm178693

"When a SOAP header carries a session token and has the session type set to None, then the Session Manager on the AI closes (logs out) of this session, and invalidates the session token. The session token is not used after the session is invalidated."

If/when the same SessionToken value is sent in again after invalidation with the SessionType = Stateless, the request would be rejected, an error is returned and it will then require the sending application to send a request with the Username/Password in the soap header in order to log in again to create a new EAI session.

However, it has been observed that even after doing the above to close the session and invalidate the SessionToken, when the same SessionToken value is sent in again with the SessionType = Stateless, Siebel application did not fail/error out, rather it took the SessionToken to login again in 5 different EAI tasks. Each of the 5 EAI tasks still shows an error about the session token, yet the tasks remained in Running status. This is not an expected behaviour:

       • Once it sees the SessionToken has expired and generated the error, it should have closed out the EAI task and not leave it in Running status.

       • Additionally, it should only have created 1 EAI task to check the SessionToken and error out, it should not have created 5 EAI tasks to do the same thing.


Steps to reproduce:

1. Send an inbound web service to open a new EAI session with the following soap header information:

<UsernameToken xmlns="http://siebel.com/webservices">sadmin</UsernameToken>
<PasswordText xmlns="http://siebel.com/webservices">siebel</PasswordText>
<SessionType xmlns="http://siebel.com/webservices">Stateless</SessionType>

This will create a new EAI task to run the request and then return a response with a SessionToken value, similar to the following:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Header>
<siebel-header:SessionToken xmlns:siebel-header="http://siebel.com/webservices">TOKEN_01</siebel-header:SessionToken>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
...

...

... Where TOKEN_01 is an actual Siebel generated/returned SessionToken string.

Do a "list active task for comp EAIObjMgr_enu" and it will show 1 task running


2. Now, send in the next request using the returned SessionToken and SessionType = None to close the session:

<SessionType xmlns="http://siebel.com/webservices">None</SessionType>
<siebel-header:SessionToken xmlns:siebel-header="http://siebel.com/webservices">TOKEN_01</siebel-header:SessionToken>

 This closes the EAI task, do a "list active task for comp EAIObjMgr_enu" and it will show 0 task running


3. Now, send in the next request using the same SessionToken which was used to close the session:

<SessionType xmlns="http://siebel.com/webservices">Stateless</SessionType>
<siebel-header:SessionToken xmlns:siebel-header="http://siebel.com/webservices">TOKEN_01</siebel-header:SessionToken>

Here, it spawns off 5 EAI Tasks all in Running status.

Do a "list active task for comp EAIObjMgr_enu" and it will show 5 tasks running

The EAIObjMgr_*.log file for all 5 EAI tasks shows the same error message as follows:


4. Continue to send the request in again with the same invalidated SessionToken value and here again it creates another 5 EAI Running tasks.

Do a "list active task for EAIObjMgr_enu" and it will show 10 tasks running, so each submission of an inbound request with the invalidated SessionToken generates/adds another 5 EAI Running tasks.

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.