Error javaioIOException Authorization Required Invalid Session ID or Session Expired


We have a trading partner who recently upgraded to WM6. Basically, we do an HTTP post of our transactions to their server (passing through HTTPS protocol). The system we are using to post is WM4.0.1 (SAP Business Connector). Ever since our trading partner has upgraded their WM, we have never been able to establish a successful connection and is getting the following error: Authorization Required: Invalid Session ID or Session Expired

This happens when a normal transaction is run from the BackEnd SAP system who passes the IDoc transaction data to our WM4.0.1 server to map it to XML format. Afterwhich it will HTTP post it to the vendor’s server using the HTTPS protocol.

However, when i try manually reprocessing the transactions from the WM Integrator/Developer, through a getMessage to bring back the IDoc data into the pipeline, and re-post it, it is able to process the transactions successfully.

Anyone has an idea what may be happenning here? Any information would be greatly appreciated. Thanks! – Choy

Hi Eduardo,

Recently we had the same problem and we’ve solved this by entering a new parameter into the Webmethods Administrator → Settings → Extended

Here you add following parameter:

Don’t forget to save this change and to reboot your server.

Good luck,



Thanks for that one. It drives me crazy!


Guys - Ever noticed how WM servers only have problems when HTTP-posting to each other? :-]

Eduardo - David’s suggestion is good. The WM pub.client:http service seems to automatically reuse cookies received from previous posts - this stops it doing so.

This problem can also be fixed if your partner’s receive service (in the WM6 server) is set to “stateless” in the service settings in developer. This stops extended session being setup, so there is nothing to expire. For eg: the service is set to “stateless”.

I am assuming your service doesn’t use sessions - if it does, take a look at Integration Server 4.6 Fix 125 - there also may be a separate fix for IS 4.0.1.

depends on which version u’re using. if it’s IS6.0, try any of the following:

  1. change invoked service to ‘stateless’
  2. apply fix - IS_6-0-1_SP2_Fix114.jar in “…\IntegrationServer\updates…”
    3.or another option, use ‘anonymous’. then set the codes itself to validate the user.