Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
0037894Openbravo ERPA. Platformpublic2018-02-13 10:162018-02-13 13:33
AugustoMauch 
alostale 
immediateminorhave not tried
closedfixed 
5
 
3.0PR18Q13.0PR18Q1 
AugustoMauch
Core
Production - Confirmed Stable
2016-04-26
3.0PR17Q3
https://code.openbravo.com/erp/devel/pi/rev/dafb9b081971 [^]
No
0037894: ConcurrentModificationException when working with SessionListener.activeHttpSessions
The following exception has been found in a customer log:

b45df575 2018-02-12 16:53:13,566 [ajp-bio-127.0.0.1-8009-exec-54] ERROR org.openbravo.erpCommon.security.SessionListener - Error getting active session from context
java.util.ConcurrentModificationException
        at java.util.HashMap$HashIterator.nextEntry(HashMap.java:923)
        at java.util.HashMap$KeyIterator.next(HashMap.java:957)
        at org.openbravo.erpCommon.security.SessionListener.getActiveSession(SessionListener.java:178)
        at org.openbravo.erpCommon.obps.ActivationKey.shouldDeactivateSession(ActivationKey.java:1175)
        at org.openbravo.erpCommon.obps.ActivationKey.deactivateTimeOutSessions(ActivationKey.java:1131)
        at org.openbravo.erpCommon.obps.ActivationKey.checkOPSLimitations(ActivationKey.java:976)
        at org.openbravo.erpCommon.obps.ActivationKey.checkOPSLimitations(ActivationKey.java:923)

The access to the SessionListener.activeHttpSessions Set is not being properly managed, as it is possible to add/remove elements from it while it is being iterated.
-
No tags attached.
blocks defect 0037893 closed alostale ConcurrentModificationException when working with SessionListener.activeHttpSessions 
Issue History
2018-02-13 10:23alostaleTypedefect => backport
2018-02-13 10:23alostaleTarget Version => 3.0PR18Q1
2018-02-13 12:58hgbotCheckin
2018-02-13 12:58hgbotNote Added: 0102355
2018-02-13 12:58hgbotStatusscheduled => resolved
2018-02-13 12:58hgbotResolutionopen => fixed
2018-02-13 12:58hgbotFixed in SCM revision => http://code.openbravo.com/erp/backports/3.0PR18Q1/rev/ce1a0f24b4ca8280b9f907f6343e4f9da22efa75 [^]
2018-02-13 13:32alostaleReview Assigned To => AugustoMauch
2018-02-13 13:33AugustoMauchNote Added: 0102360
2018-02-13 13:33AugustoMauchStatusresolved => closed
2018-02-13 13:33AugustoMauchFixed in Version => 3.0PR18Q1

Notes
(0102355)
hgbot   
2018-02-13 12:58   
Repository: erp/backports/3.0PR18Q1
Changeset: ce1a0f24b4ca8280b9f907f6343e4f9da22efa75
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Tue Feb 13 12:06:02 2018 +0100
URL: http://code.openbravo.com/erp/backports/3.0PR18Q1/rev/ce1a0f24b4ca8280b9f907f6343e4f9da22efa75 [^]

fixed bug 37894, fixed bug 37900: incorrect CU handling in concurrency and POS

  Concurrent Users management had two different problems:
   * If a backoffice session was reused in POS closing backoffice browser, a CU
     session was counted and it was not deactivated while POS session was active.
     In this situation, the session should be deactivated if CU limit has been
     reached.
   * Code for creating and checking active http sessions in context was not thread
     safe, so it was possible to get an error when checking if session was active while
     other sessions were created/destroyed in paralell. This has been fixed by
     synchronizing on active session set. Having solved previous issue this should
     not create excessive contentention as it will be executed only if: CU limit has
     been reached and there are sessions created by mobile modules exclude POS.

---
M src/org/openbravo/erpCommon/obps/ActivationKey.java
M src/org/openbravo/erpCommon/security/SessionListener.java
---
(0102360)
AugustoMauch   
2018-02-13 13:33   
Code reviewed and verified