Defect HC-18398
WAS 8.5.5.21 (Java 8.0.7) breaks cookie decryption code
Software
Customer case | Applies to | Corrected in |
---|---|---|
CS0305436 | V8.0.4.29 | 8.0.4.29 |
Observed behavior
With the introduction of WAS server version 8.5.5.21 and the Java version change to 8.0.7.0, cookie decryption code fails when AES encryption is used for the Commerce database.
Expected behavior
The decryption should work successfully.
Resolution
Mac verification while decrypting WC_USERACTIVITY cookie is failing when IBMJCEPlus provider is used, which is the default beginning in Java 8.0.7.0. The Commerce code has been modified to force the use of IBMJCE provider in this case, rather than relying on the default priority sequence.