View Revisions: Issue #37928
Summary | 0037928: sys admin sessions created after reaching CU limit are not automatically kicked out | ||
Revision | 2018-02-15 12:30 by alostale | ||
Steps To Reproduce | In an instance activated with 1 CU limit:
1. Log in with Openbravo user (session 1)
2. In another browser log in with Openbravo user (session 2) -> Warning about CU limit reached is displayed, but login is allowed with only access to System Admin role
3. Without logging out, close browsers with session 1 and 2
4. Wait 3 minutes
5. Log in with a user that has NO access to System Admin -> ERROR: Login is rejected
EXPECTED: Login should be allowed because sessions 1 and 2 should have been kicked out because they were abandoned for more than 2 minutes |
Revision | 2018-02-15 12:30 by alostale | ||
Description | After the concurrent users limit is reached, only users with the System Admin role are allowed to log in to the application. When this limit is reached, before rejecting new logins, it is checked whether there are logged-in sessions that were abandoned for the last 2 minutes, and if so they are kicked out so the login is accepted. System Admin sessions created in this situation are not automatically kicked out, so they only get deactivated, releasing their CU, after manual logout or after Tomcat timeout. They should also be kicked out if they were inactive for 2 minutes. |
Revision | 2018-02-15 12:11 by alostale | ||
Steps To Reproduce | In an instance activated with 1 CU limit:
1. Log in with Openbravo user (session 1)
2. In another browser log in with Openbravo user (session 2) -> Warning about CU limit reached is displayed, but login is allowed with only access to System Admin role
3. Without logging out, close browsers with session 1 and 2
4. Wait 3 minutes
5. Log in with a user that has NO access to System Admin -> ERROR: Login is rejected
EXPECTED: Login should be allowed because sessions 1 and 2 should have been kicked out because they were inactive for more than 2 minutes |
Revision | 2018-02-15 12:11 by alostale | ||
Description | After the concurrent users limit is reached, only users with the System Admin role are allowed to log in to the application. When this limit is reached, before rejecting new logins, it is checked whether there are logged-in sessions that were inactive for the last 2 minutes, and if so they are kicked out so the login is accepted. System Admin sessions created in this situation are not automatically kicked out, so they only get deactivated, releasing their CU, after manual logout or after Tomcat timeout. They should also be kicked out if they were inactive for 2 minutes. |
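
The admission check described above, replayed against the reproduction steps as an added Python model. It is not Openbravo code: the class, field and function names, the timestamps and the user name `clerk` are assumptions made for illustration.

```python
from dataclasses import dataclass

INACTIVITY_LIMIT = 120  # seconds: the 2-minute threshold from the report

@dataclass
class Session:
    user: str
    last_seen: float              # time of the last request, in seconds
    sysadmin_only: bool = False   # created after the CU limit was reached
    active: bool = True

class LoginGate:
    """Toy model of the concurrent-user (CU) check; all names are hypothetical."""

    def __init__(self, cu_limit, reclaim_sysadmin_only):
        self.cu_limit = cu_limit
        # False models the reported behaviour, True the expected one.
        self.reclaim_sysadmin_only = reclaim_sysadmin_only
        self.sessions = []

    def _active(self):
        return [s for s in self.sessions if s.active]

    def _kick_abandoned(self, now):
        for s in self._active():
            if s.sysadmin_only and not self.reclaim_sysadmin_only:
                continue  # the gap: these sessions keep holding their CU
            if now - s.last_seen > INACTIVITY_LIMIT:
                s.active = False

    def login(self, user, now, has_sysadmin_role):
        """Return 'ok', 'sysadmin-only' or 'rejected'."""
        if len(self._active()) >= self.cu_limit:
            self._kick_abandoned(now)  # reclaim abandoned sessions before rejecting
        over_limit = len(self._active()) >= self.cu_limit
        if over_limit and not has_sysadmin_role:
            return "rejected"
        self.sessions.append(Session(user, now, sysadmin_only=over_limit))
        return "sysadmin-only" if over_limit else "ok"

def replay(reclaim_sysadmin_only):
    """Replay the reproduction steps with constructed timestamps."""
    gate = LoginGate(cu_limit=1, reclaim_sysadmin_only=reclaim_sysadmin_only)
    results = [gate.login("Openbravo", 0, True)]        # step 1: session 1
    results.append(gate.login("Openbravo", 10, True))   # step 2: session 2
    # Steps 3-4: browsers closed without logout, more than 3 minutes pass.
    results.append(gate.login("clerk", 210, False))     # step 5
    return results
```

`replay(False)` ends in `rejected` because session 2 still holds the only CU after session 1 is reclaimed; `replay(True)` ends in `ok`.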