Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0030031Openbravo ERPA. Platformpublic2015-05-27 15:052017-06-02 18:22
Reportershuehner 
Assigned Toalostale 
PriorityhighSeverityminorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionFixed in Version3.0PR17Q3 
Merge Request Status
Review Assigned Tocaristu
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0030031: row created in ad_session for same cookie after every erp logout
DescriptionContext of testing:
[2:56:18 PM] Stefan Huehner: create ad_session with status F
[2:56:25 PM] Stefan Huehner: if you login that same row changes to status S
[2:56:44 PM] Stefan Huehner: if you logout that row changes to session_active=n
[2:56:49 PM] Stefan Huehner: browser shows login page
[2:57:05 PM] Stefan Huehner: and on top you get 2 more rows in ad_session with that same for 'websession' and status = F again

This but is about that last line.
Having active erp login
Doing normal logout (which redirects to login page)
Does create 2 ad_session entries for same cookie (aka column websession)
Steps To ReproduceGo to livebuilds. erp_pgsql_pi
login
logout

now check ad_session content related to your logins (i.e. filter by your ip)
select ad_session_id,created,websession,remote_addr, username,login_status,* from ad_session where remote_addr = '<your client ip>' order by created desc limit 3;

An sql similar to that can be used to find the probably relevant rows assuming single user.

Note: livebuilds is example, probably reproducible in other systems (i.e. also noticed in online demo)
Proposed Solution
Additional Information
TagsPerformance
Relationships
related to design defect 0035994 closed caristu Web service calls should not create ad_session entries being in an instance with unlimited web service calls 
related to defect 0038075 closed alostale row created in ad_session after Tomcat expires session 
blocks defect 0038079 closed alostale row created in ad_session opening openbravo base url 
causes defect 0038566 closed caristu Autologon and AuthenticationManagers using SSO not working 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2015-05-27 15:05shuehnerNew Issue
2015-05-27 15:05shuehnerAssigned To => platform
2015-05-27 15:05shuehnerModules => Core
2015-05-27 15:05shuehnerTriggers an Emergency Pack => No
2015-06-05 09:03alostaleStatusnew => acknowledged
2015-06-05 09:04alostaleTarget Version => 3.0PR15Q3
2015-06-09 08:57alostaleStatusacknowledged => scheduled
2015-06-09 08:57alostaleAssigned Toplatform => caristu
2015-06-11 09:04caristuNote Added: 0078204
2015-06-11 09:07caristuNote Edited: 0078204bug_revision_view_page.php?bugnote_id=0078204#r8813
2015-06-11 09:08caristuNote Edited: 0078204bug_revision_view_page.php?bugnote_id=0078204#r8814
2015-06-11 09:11caristuNote Edited: 0078204bug_revision_view_page.php?bugnote_id=0078204#r8815
2015-06-29 10:49alostaleTarget Version3.0PR15Q3 =>
2015-11-11 12:12alostaleStatusscheduled => acknowledged
2015-11-11 12:13alostaleAssigned Tocaristu => platform
2017-05-17 08:47alostaleTag Attached: Performance
2017-05-17 08:48alostalePrioritynormal => high
2017-05-17 08:49caristuRelationship addedrelated to 0035994
2017-05-17 09:15caristuNote Edited: 0078204bug_revision_view_page.php?bugnote_id=0078204#r15183
2017-05-17 09:16caristuNote Edited: 0078204bug_revision_view_page.php?bugnote_id=0078204#r15184
2017-05-30 15:13alostaleSummaryDouble row created in ad_session for same cookie after every erp logout => row created in ad_session for same cookie after every erp logout
2017-05-30 15:20alostaleAssigned Toplatform => alostale
2017-05-30 15:20hgbotCheckin
2017-05-30 15:20hgbotNote Added: 0097015
2017-05-30 15:20hgbotStatusacknowledged => resolved
2017-05-30 15:20hgbotResolutionopen => fixed
2017-05-30 15:20hgbotFixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/624c1fa5299c05dd0de944b06e65e33b3a7da6a9 [^]
2017-05-30 15:21alostaleReview Assigned To => caristu
2017-05-30 20:59hudsonbotCheckin
2017-05-30 20:59hudsonbotNote Added: 0097038
2017-06-02 18:22caristuNote Added: 0097114
2017-06-02 18:22caristuStatusresolved => closed
2017-06-02 18:22caristuFixed in Version => 3.0PR17Q3
2018-03-08 09:39alostaleRelationship addedrelated to 0038075
2018-03-08 12:39alostaleRelationship addedblocks 0038079
2018-05-24 17:50caristuRelationship addedcauses 0038566

Notes
(0078204)
caristu   
2015-06-11 09:04   
(edited on: 2017-05-17 09:16)
The behavior seems to be different depending on the browser.

 - Firefox: in this case, when logout is done, the code in index.jsp is called twice and therefore the authenticate method of AuthenticationManager is executed two times. For this reason, a double row with status "F" is created in ad_session table.

 - Chrome: in this case, when logout is done, one record is created with status "F". This is also wrong.
(0097015)
hgbot   
2017-05-30 15:20   
Repository: erp/devel/pi
Changeset: 624c1fa5299c05dd0de944b06e65e33b3a7da6a9
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Tue May 30 15:17:57 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/624c1fa5299c05dd0de944b06e65e33b3a7da6a9 [^]

fixed bug 30031: row created in ad_session for same cookie after erp logout

  Logout navigates to root page (index.jsp) which in case of not logged in,
  redirects to login page.

  By default jsp pages creates a HttpSession if it does not exist, so finally
  we got a HttpSession + an AD_Session entry.

  Fixed by preventing session creation in index.jsp, and redirecting to login
  page if no session detected.

---
M src/index.jsp
M src/org/openbravo/authentication/AuthenticationManager.java
---
(0097038)
hudsonbot   
2017-05-30 20:59   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/b1bab5011974 [^]
Maturity status: Test
(0097114)
caristu   
2017-06-02 18:22   
Code reviewed + tested OK.