Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Revisions: Issue #46303 Back to Issue ]
Summary 0046303: Review if context change check mechanism should be deleted
Revision 2021-04-20 08:11 by caristu
Description With every backend request, it is checked whether the current context (client, org, user, role) has changed[1]. If changed, a confirmation is shown to the user in order to log in again.

In 3.0PR19Q1 version the CSRF token control mechanism was implemented. This is
a security token that changes with every new session.

So we have two mechanisms that keeps control about session changes. We should review if we can safely delete the context check on every request and use just the CSRF token control.

[1] https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/blob/master/web/org.openbravo.mobile.core/app/integration/remote-server/BackendServer.js#L62 [^]
Revision 2021-04-20 08:10 by caristu
Description With every backend request, it is checked whether the current context (client, org, user, role) has changed. If changed, a confirmation is shown to the user in order to log in again.

In 3.0PR19Q1 version the CSRF token control mechanism was implemented. This is
a security token that changes with every new session.

So we have two mechanisms that keeps control about session changes. We should review if we can safely delete the context check on every request and use just the CSRF token control.


[1] https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/blob/master/web/org.openbravo.mobile.core/app/integration/remote-server/BackendServer.js#L62 [^]


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker