Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0037894Openbravo ERPA. Platformpublic2018-02-13 10:162018-02-13 13:33
ReporterAugustoMauch 
Assigned Toalostale 
PriorityimmediateSeverityminorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target Version3.0PR18Q1Fixed in Version3.0PR18Q1 
Merge Request Status
Review Assigned ToAugustoMauch
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression levelProduction - Confirmed Stable
Regression date2016-04-26
Regression introduced in release3.0PR17Q3
Regression introduced by commithttps://code.openbravo.com/erp/devel/pi/rev/dafb9b081971 [^]
Triggers an Emergency PackNo
Summary0037894: ConcurrentModificationException when working with SessionListener.activeHttpSessions
DescriptionThe following exception has been found in a customer log:

b45df575 2018-02-12 16:53:13,566 [ajp-bio-127.0.0.1-8009-exec-54] ERROR org.openbravo.erpCommon.security.SessionListener - Error getting active session from context
java.util.ConcurrentModificationException
        at java.util.HashMap$HashIterator.nextEntry(HashMap.java:923)
        at java.util.HashMap$KeyIterator.next(HashMap.java:957)
        at org.openbravo.erpCommon.security.SessionListener.getActiveSession(SessionListener.java:178)
        at org.openbravo.erpCommon.obps.ActivationKey.shouldDeactivateSession(ActivationKey.java:1175)
        at org.openbravo.erpCommon.obps.ActivationKey.deactivateTimeOutSessions(ActivationKey.java:1131)
        at org.openbravo.erpCommon.obps.ActivationKey.checkOPSLimitations(ActivationKey.java:976)
        at org.openbravo.erpCommon.obps.ActivationKey.checkOPSLimitations(ActivationKey.java:923)

The access to the SessionListener.activeHttpSessions Set is not being properly managed, as it is possible to add/remove elements from it while it is being iterated.
Steps To Reproduce-
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
blocks defect 0037893 closed alostale ConcurrentModificationException when working with SessionListener.activeHttpSessions 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2018-02-13 10:23alostaleTypedefect => backport
2018-02-13 10:23alostaleTarget Version => 3.0PR18Q1
2018-02-13 12:58hgbotCheckin
2018-02-13 12:58hgbotNote Added: 0102355
2018-02-13 12:58hgbotStatusscheduled => resolved
2018-02-13 12:58hgbotResolutionopen => fixed
2018-02-13 12:58hgbotFixed in SCM revision => http://code.openbravo.com/erp/backports/3.0PR18Q1/rev/ce1a0f24b4ca8280b9f907f6343e4f9da22efa75 [^]
2018-02-13 13:32alostaleReview Assigned To => AugustoMauch
2018-02-13 13:33AugustoMauchNote Added: 0102360
2018-02-13 13:33AugustoMauchStatusresolved => closed
2018-02-13 13:33AugustoMauchFixed in Version => 3.0PR18Q1

Notes
(0102355)
hgbot   
2018-02-13 12:58   
Repository: erp/backports/3.0PR18Q1
Changeset: ce1a0f24b4ca8280b9f907f6343e4f9da22efa75
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Tue Feb 13 12:06:02 2018 +0100
URL: http://code.openbravo.com/erp/backports/3.0PR18Q1/rev/ce1a0f24b4ca8280b9f907f6343e4f9da22efa75 [^]

fixed bug 37894, fixed bug 37900: incorrect CU handling in concurrency and POS

  Concurrent Users management had two different problems:
   * If a backoffice session was reused in POS closing backoffice browser, a CU
     session was counted and it was not deactivated while POS session was active.
     In this situation, the session should be deactivated if CU limit has been
     reached.
   * Code for creating and checking active http sessions in context was not thread
     safe, so it was possible to get an error when checking if session was active while
     other sessions were created/destroyed in paralell. This has been fixed by
     synchronizing on active session set. Having solved previous issue this should
     not create excessive contentention as it will be executed only if: CU limit has
     been reached and there are sessions created by mobile modules exclude POS.

---
M src/org/openbravo/erpCommon/obps/ActivationKey.java
M src/org/openbravo/erpCommon/security/SessionListener.java
---
(0102360)
AugustoMauch   
2018-02-13 13:33   
Code reviewed and verified