Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Revisions: Issue #41344 Back to Issue ]
Summary 0041344: After HTTP Session timeout, new requests from Web POS cause the insertion of a record in AD_SESSION with username NULL
Revision 2019-07-31 15:46 by alostale
Steps To Reproduce 1. Setup the session timeout to 1 minute either in Tomcat or the load balancer (if there is one)
2. Log on to Web POS and start the creation of a ticket
3. Wait for the HTTP session to expire
4. Perform any action that generates a request to the server (i.e.: search for a business partner)
5. Query AD_SESSION for records created in the past few minutes, there will be two records from the terminal in use, one with the appropriate data and one as described above

Questionable behavior:
- With DefatultAuthenticantionManager, after Tomcat expires session, user is requested to log in again. With MobileKeyAuthenticationManager they are transparently logged in.

Incorrect behavior:
- New session created in AD_Session
- This new session is of type S which consumes backend user
- This session lacks some info (username...)
Revision 2019-07-31 15:46 by alostale
Description The AuthenticationManager in use is:
->org.openbravo.authentication.AuthenticationManager
-->org.openbravo.authentication.basic.DefaultAuthenticationManager
---> org.openbravo.mobile.core.authenticate.MobileKeyAuthenticationManager
----> org.openbravo.retail.alerting.authenticate.AlertingAuthenticationManager
Change set versions:
core: a4a442cd90a4
module org.openbravo.mobile.core: 558f27c4e7b9
module org.openbravo.retail.alerting: a7f0636d29d7

If the HTTP Session timeout in Tomcat or the load balancer is shorter than the time it takes for Web POS to lock the terminal. Whenever the session has expired, any new request from Web POS will fail, but a new record will be created in AD_SESSION with the following characteristics:
1. The field 'username' is null
2. The field 'login_status' is 'S' instead of 'OBPOS_POS'
3. The field 'em_obpos_store_org_id' is null
4. The field 'websession' has a different value from the original session record
4. Other relevant fields have the same information, including 'em_obpos_applications_id'

Note this issue is reproducible also with MobileKeyAuthenticationManager
Revision 2019-07-31 15:41 by alostale
Steps To Reproduce 1. Setup the session timeout to 1 minute either in Tomcat or the load balancer (if there is one)
2. Log on to Web POS and start the creation of a ticket
3. Wait for the HTTP session to expire
4. Perform any action that generates a request to the server (i.e.: search for a business partner)
5. Query AD_SESSION for records created in the past few minutes, there will be two records from the terminal in use, one with the appropriate data and one as described above
Revision 2019-07-31 15:41 by alostale
Description The AuthenticationManager in use is:
->org.openbravo.authentication.AuthenticationManager
-->org.openbravo.authentication.basic.DefaultAuthenticationManager
---> org.openbravo.mobile.core.authenticate.MobileKeyAuthenticationManager
----> org.openbravo.retail.alerting.authenticate.AlertingAuthenticationManager
Change set versions:
core: a4a442cd90a4
module org.openbravo.mobile.core: 558f27c4e7b9
module org.openbravo.retail.alerting: a7f0636d29d7

If the HTTP Session timeout in Tomcat or the load balancer is shorter than the time it takes for Web POS to lock the terminal. Whenever the session has expired, any new request from Web POS will fail, but a new record will be created in AD_SESSION with the following characteristics:
1. The field 'username' is null
2. The field 'login_status' is 'S' instead of 'OBPOS_POS'
3. The field 'em_obpos_store_org_id' is null
4. The field 'websession' has a different value from the original session record
4. Other relevant fields have the same information, including 'em_obpos_applications_id'


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker