Warning: E-Business Suite Issues with Sun JRE 1.6.0_21

My colleagues in the Java division shipped Java Runtime Environment 1.6.0_21 (a.k.a. JRE 6u21, internal version 1.6.0_21-b06) last week.  See the 1.6.0_21 Update Release Notes for details about what has changed in this release.

Unfortunately, this release of JRE 6u21 (1.6.0_21-b06) still has the 'Mismanaged Session Cookie' issue that we reported in earlier articles.  This can cause a failure of the following E-Business Suite functions with certain desktop and browser combinations, notably for IE 6 and 7 users:
  • 'File -> Export' functionality
  • Opening attachments in forms
  • Opening an HTML form to a new window from forms.
  • Opening an Applet in a new window from forms
  • Trying to login again after forms session timeout fails
A JRE plug-in release with fixes for these issues is only available through patch 9915543.  Patch 9915543 contains JRE 1.6.0_20-b05.  This fixed version is not available as a download from Sun or through the Java Update Mechanism (which continues to offer only JRE 1.6.0_20-b02).  This fix will not be available through the normal Sun distribution channels until a future release of JRE 1.6.

A fixed version of the JRE 1.6.0_21 (6u21) plug-in is expected to be made available through a special patch download in the near future.

Summary of options for EBS sysadmins

At this stage, your options are to:
  1. Remain on JRE 1.6.0_17; wait for JRE 1.6.0_22 or later
  2. Deploy any standard JRE release later than 1.6.0_17, with the understanding that some of your users may encounter issues related to "Mismanaged session cookies"
  3. Deploy JRE 1.6.0_20-b05 (released via patch 9915543)
I understand that this is a frustrating state of affairs and I apologize for the continued delay in resolving this once and for all.  We're continuing to work with our colleagues in the Java division to get this set of fixes into the main JRE codelines.  I'll post updates here as soon as I have more information to share.

The preceding is intended to outline our general product direction.  It is intended for information purposes only, and may not be incorporated into any contract.   It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decision.  The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.


Hi Stevan,

Thanks for this update. I have done test update for JRE1.6.0_17.
I found JRE1.5u20 is bugy and decide to go for JRE1.6u17, but our windows admins wants JRE1.6.0_21 on client PC as JRE1.6u21 is compatible for other tools.

If I update IE8+JRE1.6.0_21, will this configuration still have chances for 'Mismanaged Session Cookies" error ?
OR do you suggest to wait for release for JRE1.6u22 ?

Do you have any idea when JRE1.6.0_22 will be released and this version is stable for EBS like JRE1.6.0_17 ??

Thanks in advance !!

Kind regards,

Posted by Siva on July 22, 2010 at 09:40 PM PDT #


The article above confirms that JRE 1.6.0_21 still has the "Mismanaged session cookie" issue for EBS users. Please review the "Summary of options" section above.

Oracle's Revenue Recognition rules prohibit us from discussing certification and release dates, but you're welcome to monitor or subscribe to this blog for updates, which I'll post as soon as soon as they're available.


Posted by Steven Chan on July 23, 2010 at 01:31 AM PDT #

Has a new release of java 1.6.0_21 been released? I've looked at your blog for 20 and 21 and the patch download comes with a JRE of 21, but not 20 update 5.


Posted by Brian on July 28, 2010 at 12:07 AM PDT #


No, a new version of 6u21 with these fixes has not been released yet. It's still being packaged; I'll post an email here as soon as it's available.

The latest fix available is released for the 6u20-b05 codeline via patch 9915543 (as noted in the article above). If you're having trouble getting access to that patch, please log a formal Service Request via My Oracle Support (formerly Metalink) to get one of our specialists engaged, and forward your Service Request number to me, too.


Posted by Steven Chan on July 28, 2010 at 03:04 AM PDT #

For what it's worth I can confirm export failures using release 21 against 11i ...

Posted by Simon on July 28, 2010 at 07:00 PM PDT #


Thanks for letting us know.


Posted by Steven Chan on July 29, 2010 at 01:44 AM PDT #


"Unfortunately, this release of JRE 6u21 (1.6.0_21-b06) still has the 'Mismanaged Session Cookie' issue that we reported in earlier articles. This can cause a failure of the following E-Business Suite functions with certain desktop and browser combinations, notably for IE 6 and 7 users"

I this also apply for IE8 users?


Posted by Tom on August 10, 2010 at 10:02 AM PDT #

Hi, Tom,

Yes, in certain conditions, this behaviour may affect IE 8 users, too. This issue is difficult to reproduce, so it may affect all IE users intermittently.


Posted by Steven Chan on August 11, 2010 at 02:22 AM PDT #


Thanks for the info in this post, it helped us fix an R12 issue we had where users could not access self-service web pages.

Patch 9915543 fixed the issue.

We're looking at automating the rollout of Java 1.6 to our desktop users. I have a question about that, if that's okay.

If we give users the version of Java 1.6 supplied by patch 9915543, they'll be on Version 6 Update 20 (build 1.6.0_20-rev-b05).

That'll fix the self-service login issue.

However, if we turn on Automatic Updates on Java, and a higher version of Java is installed automatically, does that mean that we'll get the self-service login error again, or can we assume that any versions of Java >1.5 update 20 will include the fix?

On my install of 1.6.0_20-rev-b05 I turned on Automatic Updates and clicked on the "Update Now" button, and was told that I already have the latest version of the Java Platform installed.

Any advice much appreciated.


Posted by Jim on September 12, 2010 at 07:58 PM PDT #

Hi Jim,

This fix is only available for the JRE 6u20 and 6u21 streams in the versions supplied within the patches:

JRE 1.6.0_21-b08 (patch 10021403)
JRE 1.6.0_20-b05 (patch 9915543)

This fix is not available in the versions of JRE 1.6.0_20 or JRE 1.6.0_21 that are downloaded from the usual sources, including through the 'Java Automatic Update' facility.

However, automatic updates is disabled on the two releases from the patches above and cannot be turned on. That is why when you clicked the 'Update Now' button you were not offered JRE 1.6.0_21 even though that standard release is available and is of course a later version than the one you have.

Even if you select the 'Check for Updates Automatically' option within the 'Java Control Panel' and apply the changes, when you open the control panel again you will see that the change was not actually saved and the feature is still disabled.

Unless your users download a version from another source and overwrite this one you should not have a problem.


Posted by Tim Mervyn on September 13, 2010 at 03:11 AM PDT #

Hi Tim,

Thanks for the update / reply.

Assuming we have a user base running Java build 1.6.0_20-rev-b05, how will we be able to find out when the standard version of Java available to the public via http://www.java.com/en/download/index.jsp will contain the bug fix?

The reason I ask is that we have staff who need up to date versions of Java in order to run other software applications. We have at least one application which requires users to run 1.6 Update 21 - if those same users need the patched version of Java to make R12 work, then they could have issues with the other software.

Presumably at some point the standard Java download will include the fix included in build 1.6.0_20-rev-b05, but I'm not sure what route we can use to find that out.

Any advice much appreciated.


Posted by Jim on September 20, 2010 at 05:24 PM PDT #

Hi Jim,

We are currently working towards the inclusion of this fix into a future Java standard release. This of course requires a number of testing cycles before it can finally be signed off. Unfortunately we cannot be anymore precise than that at this moment, please see http://blogs.oracle.com/stevenChan/2007/03/loose_lips_sink_ships.html for further information about our policies on this.

Once this fix does become available in the standard version of java it will be announced through the usual certification channels as well as through this blog. Until this time we will also continue to provide future versions of the plug-in with this fix included as required.

In the meantime if you do happen to encounter issues with your 3rd party software integration due to this Java release, please log the problem with support so that we may analyse further.


Posted by Tim Mervyn on September 22, 2010 at 07:50 PM PDT #


Slightly off topic but still relating to JRE 1.6.0_21, I am experiencing issues with this JRE against Oracle Forms 10g running in IE7. When an option is run to display a reports parameter form in a new window, the new window is opened but remains in a minimised state on the systray. Initially I suspected that this might have been a browser issue, but the problem occured with the update of the JRE to the above version. It seems to fit the EBS issue referred to above described as "Opening an HTML form to a new window from forms."

Anyone seen same or similar with this JRE used with Oracle Forms?

Posted by Will on October 05, 2010 at 06:03 PM PDT #

Hi, Will,

If this is for a generic issue with Oracle Forms (i.e. unrelated to the E-Business Suite), then I'd recommend logging a formal Service Request against the Fusion Middleware team with the details. They might be able to provide some Forms-specific guidance on this issue.


Posted by Steven Chan on October 06, 2010 at 02:25 AM PDT #

I noticed that update 22 was recently released. Does anyone know if that includes the mismatched session cookie fix?

Posted by Raegan Gibb on October 12, 2010 at 01:39 PM PDT #

Hello, Raegan,

Unfortunately not. See:

Warning: E-Business Suite Issues with Sun JRE 1.6.0_22


Posted by Steven Chan on October 13, 2010 at 06:34 AM PDT #

When we download the Oracle version of JRE such as, it installs JRE in family mode (using common folder jre6), and then it will be overwritten when the user on the desktop client do their own update. Is there anyway to setup on Ebusiness web server so that the JRE is installed in static mode (specific version folder), so it won't be overwritten when the user update their own JRE?

Posted by Damasus Laij on October 28, 2010 at 02:38 AM PDT #


I'm not aware of any method to do this. I'm not even sure that it's a good idea to give application servers that much control over an end-user desktop's configuration.


Posted by Steven Chan on October 28, 2010 at 07:35 AM PDT #

The main reason is that we don't want our ebusiness environment needs to deal with many issues in the future JRE that are not stable enough. If we allow a way to download the specific JRE in static mode, then the user still has the flexibility to install newer or older JRE for other apps on their desktops.

Posted by Damasus on October 28, 2010 at 08:18 AM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed


« February 2017