Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
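ID: 0002224
Project: Openbravo ERP
Category: C. Security
View Status: public
Date Submitted: 2007-11-01 21:28
Last Update: 2008-11-26 14:02
Reporter: pjuvara
Assigned To: alostale
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed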
5
 
2.40alpha-r2 
No
Core
No
0002224: AT235: Users with two clients see transactions in wrong one
Problem Description
===================
A user having access to two clients (client A and client B) can see a transaction created in one client from the other client.

Environment
===========
2.35 Acceptance Testing
PostgreSQL

How To Reproduce
================
In a standard installation with BigBazaar client, create a second client and call it ClientB.
In ClientB, create a sales order header and save it.
Without logging out, switch role to BigBazaar Admin and navigate to the sales order window.
The window behavior is such that it queries back the last transaction queried by the user, regardless of the client context.
As a result, the sales order created in ClientB is retrieved in BigBazaar client.

Notes
=====
This is not a security issue since the user has access to that transaction in the first place, but further attempts to process that transaction might give unpredictable results and cause data corruption.
Issue History
2008-11-26 14:02 | psarobe | Regression testing => No
2008-11-26 14:02 | psarobe | Status: resolved => closed

Notes
(0005813)
user71   
2005-06-01 00:00   
(edited on: 2008-06-12 09:43)
This bug was originally reported in SourceForge bug tracker and then migrated to Mantis.

You can see the original bug report at:
https://sourceforge.net/support/tracker.php?aid=1824278
(0002584)
psarobe   
2008-01-24 09:53   
(edited on: 2008-06-12 09:23)
Regarding this:

Also check this issue.

Environment
===========
2.35 ORACLE, Linux

Steps to reproduce
==================
- Work with two clients: Client A and Client B.
- One of the clients, e.g. Client A, must have a preference for the Sales Order window where the attribute must be C_DOCTYPETARGET_ID, with the value being the ID of the document type "Standard order" for that Client A.
- To do this, go to General Setup->Application->Preferences.
- Then log in with Client B, go to Financial management->Accounting->Setup->Document type and see which document type has the "Default" check mark. If it is "Standard Order" or "Returned material", unmark it. Mark another one, for example Warehouse order.
- Log out, log in again with Client B and go to Sales management->Transactions->Sales order.
- Click New and see if the Transaction document has the value "Warehouse Order". Then OK.
- Now log out, log in with Client A and go to Sales management->Transactions->Sales order.
- Click New and see if the Transaction document has the value Standard order. Then OK.
- Now log out, log in again with Client B and go to Sales management->Transactions->Sales order.
- Click New and see if the Transaction document has the value "Return material". If it does, then it's wrong, because it has to be "Warehouse Order".

This happens because, although I log in with Client B, I logged in before with Client A, and the values for Client A still remain in the session instead of being removed when I log in with another client (Client B).
(0002585)
alostale   
2008-05-12 10:21   
(edited on: 2008-06-12 09:23)
This is fixed within the security review project.
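
The following Python model is an added example, not Openbravo code and not the fix that was applied. It reproduces both reports above (the last-queried sales order and the C_DOCTYPETARGET_ID preference surviving a client switch) and shows two checks that prevent them. The Session class, the "pref." and "last_record." key prefixes, the order id and the ClientA name (standing in for BigBazaar) are assumptions made for illustration.

```python
"""Constructed model of session state that outlives a client switch."""

CLIENT_SCOPED_PREFIXES = ("pref.", "last_record.")  # assumed key naming


class Session:
    def __init__(self, user, client):
        self.user, self.client, self.attrs = user, client, {}

    def switch_client_leaky(self, client):
        # Behaviour described in the reports: only the context changes,
        # values cached for the previous client stay in the session.
        self.client = client

    def switch_client(self, client):
        # Hardened: drop every client-scoped attribute before changing context.
        self.attrs = {k: v for k, v in self.attrs.items()
                      if not k.startswith(CLIENT_SCOPED_PREFIXES)}
        self.client = client


# Constructed sample data: one order owned by ClientB, per-client defaults.
ORDERS = {101: {"client": "ClientB"}}
DEFAULT_DOCTYPE = {"ClientA": "Standard Order", "ClientB": "Warehouse Order"}


def open_sales_order_window(session, check_client=True):
    """Return (restored order id or None, document type for a new order)."""
    order_id = session.attrs.get("last_record.sales_order")
    if check_client and order_id is not None:
        # Defence in depth: never restore a record owned by another client.
        if ORDERS[order_id]["client"] != session.client:
            order_id = None
    doctype = session.attrs.get("pref.C_DOCTYPETARGET_ID",
                                DEFAULT_DOCTYPE[session.client])
    return order_id, doctype


def scenario(switch, check_client):
    """Replay both reports; returns the window state after each switch."""
    s = Session("user", "ClientA")
    s.attrs["pref.C_DOCTYPETARGET_ID"] = "Standard Order"  # ClientA preference
    getattr(s, switch)("ClientB")
    in_client_b = open_sales_order_window(s, check_client)
    s.attrs["last_record.sales_order"] = 101  # order created in ClientB
    getattr(s, switch)("ClientA")
    return in_client_b, open_sales_order_window(s, check_client)
```

With the leaky switch and no ownership check, ClientB is offered ClientA's document type and ClientA gets ClientB's order restored; with the hardened switch, neither value crosses the client boundary.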