Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0012362Openbravo ERPA. Platformpublic2010-02-19 13:182010-03-10 18:30
Reportershuehner 
Assigned Toshuehner 
PriorityimmediateSeveritymajorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Versionpi 
Target VersionFixed in Version2.50MP12 
Merge Request Status
Review Assigned To
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0012362: After a session timeout some http requests are still completely executed after the user is redirected to the login page
DescriptionIf as Users' session is timed-out or force-logged out. Then the user is (correctly) redirected to the login page so he can login again.

However in some cases the original http-request processing is not stopped after the redirect but continues. This continuation is not useful at all as the result will never be shown to the user (which is already seeing the login page),

In addition the original request cannot be executed successfully in most cases as the http session is already invalidated (so all values expected to be present are missing) leading to 'random' behavior.
Steps To ReproduceLogin as Openbravo admin
Goto Sales Management -> Transations -> Goods Shipment (or any other window with data).
Switch to grid view (Assuming grid is non-empty)
Force an session kill (update ad_session set session_active = 'N';commit) does force logout all sessions
Double click on any row shown in the grid
User gets redirected to the login page
See some exceptions shown in the logfile/eclipse-console
Proposed SolutionStop request processing in that case.
Additional Information
TagsNo tags attached.
Relationships
has duplicate defect 0007654 closed shuehner After session timeout the browser is redirected to the login page but the original servlet is still executed 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2010-02-19 13:18shuehnerNew Issue
2010-02-19 13:18shuehnerAssigned To => shuehner
2010-02-19 13:44hgbotCheckin
2010-02-19 13:44hgbotNote Added: 0024651
2010-02-19 13:44hgbotStatusnew => resolved
2010-02-19 13:44hgbotResolutionopen => fixed
2010-02-19 13:44hgbotFixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/e2616479f44e2235fc2ee38a9c4b1687fceafac7 [^]
2010-02-19 17:13alostaleStatusresolved => closed
2010-02-19 17:13alostaleFixed in Version => 2.50MP12
2010-02-20 00:01anonymoussf_bug_id0 =>
2010-02-23 08:16alostaleRelationship addedrelated to 0012401
2010-03-03 13:48hudsonbotCheckin
2010-03-03 13:48hudsonbotNote Added: 0025001
2010-03-03 17:47shuehnerRelationship deletedrelated to 0012401
2010-03-10 18:30anonymoussf_bug_id => 2968090
2010-08-16 21:26shuehnerRelationship addedhas duplicate 0007654

Notes
(0024651)
hgbot   
2010-02-19 13:44   
Repository: erp/devel/pi
Changeset: e2616479f44e2235fc2ee38a9c4b1687fceafac7
Author: Stefan Hühner <stefan.huehner <at> openbravo.com>
Date: Fri Feb 19 13:45:50 2010 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/e2616479f44e2235fc2ee38a9c4b1687fceafac7 [^]

Fixed 12362: don't execute old request after redirect to login page
If the users session is timed-out (or force-logged out) redirect to
login page as usual, but don't continue executing the old request
as its not useful and can't work correctly

---
M src/org/openbravo/base/secureApp/HttpSecureAppServlet.java
---
(0025001)
hudsonbot   
2010-03-03 13:48   
A changeset related to this issue has been promoted to main after passing a series of tests and an OBX has been generated:

Changeset: http://code.openbravo.com/erp/devel/main/rev/e2616479f44e [^]
Merge Changeset: http://code.openbravo.com/erp/devel/main/rev/17ddf2c3af51 [^]
Tests: http://builds.openbravo.com/view/devel-int/ [^]
OBX: http://builds.openbravo.com/erp/core/obx/OpenbravoERP-2.50CI.16508.obx [^]