Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0014012Openbravo ERPA. Platformpublic2010-07-20 18:402010-08-16 17:48
Reportershuehner 
Assigned Toiperdomo 
PriorityurgentSeveritymajorReproducibilityhave not tried
StatusclosedResolutionno change required 
PlatformOS5OS Version
Product Version 
Target VersionFixed in Version 
Merge Request Status
Review Assigned To
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0014012: Race-condition when doing Login having an AuthenticationManager (and using DeepLinking)
DescriptionWhen using an authentication manager the SessionLogin.save call (which inserts the row into ad_session) is done late in the sevice method of the HttpSecureAppServlet class without doing an immediate commit.
So only the implicit commit at end of the HTTP-request finally makes the row visible to other connections.

However in the service methods another xsql method checks this db-row already.
When doing a login (i.e. with DeepLinking) several requests are in flight at the same time -> Race-Condition if another requests checks the row via the xsql-method before the dal-using request finishes (and did its commit)

-> xsql-method doing force-logout
Steps To Reproducesee also support ticket 8143
Proposed Solutiondo a commit after inserting the new row
Additional Information
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2010-07-20 18:40shuehnerNew Issue
2010-07-20 18:40shuehnerAssigned To => shuehner
2010-07-20 18:41shuehnerNote Added: 0029421
2010-07-21 11:28hgbotCheckin
2010-07-21 11:28hgbotNote Added: 0029428
2010-07-21 11:28hgbotStatusnew => resolved
2010-07-21 11:28hgbotResolutionopen => fixed
2010-07-21 11:28hgbotFixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/94fcf9a433af8b7dedd82a034a5c75c831603407 [^]
2010-07-24 22:54hudsonbotCheckin
2010-07-24 22:54hudsonbotNote Added: 0029544
2010-08-10 16:04alostaleStatusresolved => closed
2010-08-10 16:04alostaleFixed in Version => 2.50MP21
2010-08-11 00:00anonymoussf_bug_id0 => 3042775
2010-08-16 17:47iperdomoAssigned Toshuehner => iperdomo
2010-08-16 17:47iperdomoStatusclosed => new
2010-08-16 17:47iperdomoResolutionfixed => open
2010-08-16 17:47iperdomoFixed in Version2.50MP21 =>
2010-08-16 17:47iperdomoStatusnew => scheduled
2010-08-16 17:47iperdomofix_in_branch => pi
2010-08-16 17:48iperdomoStatusscheduled => closed
2010-08-16 17:48iperdomoResolutionopen => no change required

Notes
(0029421)
shuehner   
2010-07-20 18:41   
Note: The code probably intended to do a commit using a flush() call, however the flush() call does not do a commit but just the sql insert/update statement without committing the transaction.
(0029428)
hgbot   
2010-07-21 11:28   
Repository: erp/devel/pi
Changeset: 94fcf9a433af8b7dedd82a034a5c75c831603407
Author: Stefan Hühner <stefan.huehner <at> openbravo.com>
Date: Wed Jul 21 11:28:33 2010 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/94fcf9a433af8b7dedd82a034a5c75c831603407 [^]

Fixed 14012: Do commit immediately after insert into ad_session..
.. to prevent a race condition with other requests using i.e. xsql-queries
which otherwise don't see the inserted record early enough.
This happens when using DeepLinking together with any custom AuthManager.

---
M src/org/openbravo/erpCommon/security/SessionLogin.java
---
(0029544)
hudsonbot   
2010-07-24 22:54   
A changeset related to this issue has been promoted to main after passing a series of tests and an OBX has been generated:

Changeset: http://code.openbravo.com/erp/devel/main/rev/94fcf9a433af [^]
Merge Changeset: http://code.openbravo.com/erp/devel/main/rev/eb739d47ff2b [^]
Tests: http://builds.openbravo.com/view/int/ [^]
OBX: http://builds.openbravo.com/erp/core/obx/OpenbravoERP-2.50CI.17900.obx [^]