Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
0030031Openbravo ERPA. Platformpublic2015-05-27 15:052017-06-02 18:22
highminorhave not tried
0030031: row created in ad_session for same cookie after every erp logout
Context of testing:
[2:56:18 PM] Stefan Huehner: create ad_session with status F
[2:56:25 PM] Stefan Huehner: if you login that same row changes to status S
[2:56:44 PM] Stefan Huehner: if you logout that row changes to session_active=n
[2:56:49 PM] Stefan Huehner: browser shows login page
[2:57:05 PM] Stefan Huehner: and on top you get 2 more rows in ad_session with that same for 'websession' and status = F again

This but is about that last line.
Having active erp login
Doing normal logout (which redirects to login page)
Does create 2 ad_session entries for same cookie (aka column websession)
Go to livebuilds. erp_pgsql_pi

now check ad_session content related to your logins (i.e. filter by your ip)
select ad_session_id,created,websession,remote_addr, username,login_status,* from ad_session where remote_addr = '<your client ip>' order by created desc limit 3;

An sql similar to that can be used to find the probably relevant rows assuming single user.

Note: livebuilds is example, probably reproducible in other systems (i.e. also noticed in online demo)
related to design defect 0035994 closed caristu Web service calls should not create ad_session entries being in an instance with unlimited web service calls 
related to defect 0038075 closed alostale row created in ad_session after Tomcat expires session 
blocks defect 0038079 closed alostale row created in ad_session opening openbravo base url 
causes defect 0038566 closed caristu Autologon and AuthenticationManagers using SSO not working 
Issue History
2015-05-27 15:05shuehnerNew Issue
2015-05-27 15:05shuehnerAssigned To => platform
2015-05-27 15:05shuehnerModules => Core
2015-05-27 15:05shuehnerTriggers an Emergency Pack => No
2015-06-05 09:03alostaleStatusnew => acknowledged
2015-06-05 09:04alostaleTarget Version => 3.0PR15Q3
2015-06-09 08:57alostaleStatusacknowledged => scheduled
2015-06-09 08:57alostaleAssigned Toplatform => caristu
2015-06-11 09:04caristuNote Added: 0078204
2015-06-11 09:07caristuNote Edited: 0078204bug_revision_view_page.php?bugnote_id=0078204#r8813
2015-06-11 09:08caristuNote Edited: 0078204bug_revision_view_page.php?bugnote_id=0078204#r8814
2015-06-11 09:11caristuNote Edited: 0078204bug_revision_view_page.php?bugnote_id=0078204#r8815
2015-06-29 10:49alostaleTarget Version3.0PR15Q3 =>
2015-11-11 12:12alostaleStatusscheduled => acknowledged
2015-11-11 12:13alostaleAssigned Tocaristu => platform
2017-05-17 08:47alostaleTag Attached: Performance
2017-05-17 08:48alostalePrioritynormal => high
2017-05-17 08:49caristuRelationship addedrelated to 0035994
2017-05-17 09:15caristuNote Edited: 0078204bug_revision_view_page.php?bugnote_id=0078204#r15183
2017-05-17 09:16caristuNote Edited: 0078204bug_revision_view_page.php?bugnote_id=0078204#r15184
2017-05-30 15:13alostaleSummaryDouble row created in ad_session for same cookie after every erp logout => row created in ad_session for same cookie after every erp logout
2017-05-30 15:20alostaleAssigned Toplatform => alostale
2017-05-30 15:20hgbotCheckin
2017-05-30 15:20hgbotNote Added: 0097015
2017-05-30 15:20hgbotStatusacknowledged => resolved
2017-05-30 15:20hgbotResolutionopen => fixed
2017-05-30 15:20hgbotFixed in SCM revision => [^]
2017-05-30 15:21alostaleReview Assigned To => caristu
2017-05-30 20:59hudsonbotCheckin
2017-05-30 20:59hudsonbotNote Added: 0097038
2017-06-02 18:22caristuNote Added: 0097114
2017-06-02 18:22caristuStatusresolved => closed
2017-06-02 18:22caristuFixed in Version => 3.0PR17Q3
2018-03-08 09:39alostaleRelationship addedrelated to 0038075
2018-03-08 12:39alostaleRelationship addedblocks 0038079
2018-05-24 17:50caristuRelationship addedcauses 0038566

2015-06-11 09:04   
(edited on: 2017-05-17 09:16)
The behavior seems to be different depending on the browser.

 - Firefox: in this case, when logout is done, the code in index.jsp is called twice and therefore the authenticate method of AuthenticationManager is executed two times. For this reason, a double row with status "F" is created in ad_session table.

 - Chrome: in this case, when logout is done, one record is created with status "F". This is also wrong.

2017-05-30 15:20   
Repository: erp/devel/pi
Changeset: 624c1fa5299c05dd0de944b06e65e33b3a7da6a9
Author: Asier Lostalé <asier.lostale <at>>
Date: Tue May 30 15:17:57 2017 +0200
URL: [^]

fixed bug 30031: row created in ad_session for same cookie after erp logout

  Logout navigates to root page (index.jsp) which in case of not logged in,
  redirects to login page.

  By default jsp pages creates a HttpSession if it does not exist, so finally
  we got a HttpSession + an AD_Session entry.

  Fixed by preventing session creation in index.jsp, and redirecting to login
  page if no session detected.

M src/index.jsp
M src/org/openbravo/authentication/
2017-05-30 20:59   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: [^]
Maturity status: Test
2017-06-02 18:22   
Code reviewed + tested OK.