View Revisions: Issue #46303 | ||
Summary | 0046303: Review if context change check mechanism should be deleted | ||
Revision | 2021-04-20 08:11 by caristu | ||
Description | With every backend request, it is checked whether the current context (client, org, user, role) has changed[1]. If changed, a confirmation is shown to the user in order to log in again. In the 3.0PR19Q1 version the CSRF token control mechanism was implemented. This is a security token that changes with every new session. So we have two mechanisms that keep control about session changes. We should review if we can safely delete the context check on every request and use just the CSRF token control. [1] https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/blob/master/web/org.openbravo.mobile.core/app/integration/remote-server/BackendServer.js#L62 |
||
Revision | 2021-04-20 08:10 by caristu | ||
Description | With every backend request, it is checked whether the current context (client, org, user, role) has changed. If changed, a confirmation is shown to the user in order to log in again. In the 3.0PR19Q1 version the CSRF token control mechanism was implemented. This is a security token that changes with every new session. So we have two mechanisms that keep control about session changes. We should review if we can safely delete the context check on every request and use just the CSRF token control. [1] https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/blob/master/web/org.openbravo.mobile.core/app/integration/remote-server/BackendServer.js#L62 |