Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0037895Openbravo ERPA. Platformpublic2018-02-13 10:162018-02-13 13:32
ReporterAugustoMauch 
Assigned Toalostale 
PriorityimmediateSeverityminorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target Version3.0PR17Q4.1Fixed in Version3.0PR17Q4.1 
Merge Request Status
Review Assigned To
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression levelProduction - Confirmed Stable
Regression date2016-04-26
Regression introduced in release3.0PR17Q3
Regression introduced by commithttps://code.openbravo.com/erp/devel/pi/rev/dafb9b081971 [^]
Triggers an Emergency PackNo
Summary0037895: ConcurrentModificationException when working with SessionListener.activeHttpSessions
DescriptionThe following exception has been found in a customer log:

b45df575 2018-02-12 16:53:13,566 [ajp-bio-127.0.0.1-8009-exec-54] ERROR org.openbravo.erpCommon.security.SessionListener - Error getting active session from context
java.util.ConcurrentModificationException
        at java.util.HashMap$HashIterator.nextEntry(HashMap.java:923)
        at java.util.HashMap$KeyIterator.next(HashMap.java:957)
        at org.openbravo.erpCommon.security.SessionListener.getActiveSession(SessionListener.java:178)
        at org.openbravo.erpCommon.obps.ActivationKey.shouldDeactivateSession(ActivationKey.java:1175)
        at org.openbravo.erpCommon.obps.ActivationKey.deactivateTimeOutSessions(ActivationKey.java:1131)
        at org.openbravo.erpCommon.obps.ActivationKey.checkOPSLimitations(ActivationKey.java:976)
        at org.openbravo.erpCommon.obps.ActivationKey.checkOPSLimitations(ActivationKey.java:923)

The access to the SessionListener.activeHttpSessions Set is not being properly managed, as it is possible to add/remove elements from it while it is being iterated.
Steps To Reproduce-
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
blocks defect 0037893 closed alostale ConcurrentModificationException when working with SessionListener.activeHttpSessions 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2018-02-13 10:23alostaleTypedefect => backport
2018-02-13 10:23alostaleTarget Version => 3.0PR17Q4.1
2018-02-13 12:57hgbotCheckin
2018-02-13 12:57hgbotNote Added: 0102353
2018-02-13 12:57hgbotStatusscheduled => resolved
2018-02-13 12:57hgbotResolutionopen => fixed
2018-02-13 12:57hgbotFixed in SCM revision => http://code.openbravo.com/erp/backports/3.0PR17Q4.1/rev/eadd42437276a775bf4516aa98765ee1d46eff31 [^]
2018-02-13 13:32AugustoMauchNote Added: 0102359
2018-02-13 13:32AugustoMauchStatusresolved => closed
2018-02-13 13:32AugustoMauchFixed in Version => 3.0PR17Q4.1

Notes
(0102353)
hgbot   
2018-02-13 12:57   
Repository: erp/backports/3.0PR17Q4.1
Changeset: eadd42437276a775bf4516aa98765ee1d46eff31
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Tue Feb 13 12:06:02 2018 +0100
URL: http://code.openbravo.com/erp/backports/3.0PR17Q4.1/rev/eadd42437276a775bf4516aa98765ee1d46eff31 [^]

fixed bug 37895, fixed bug 37901: incorrect CU handling in concurrency and POS

  Concurrent Users management had two different problems:
   * If a backoffice session was reused in POS closing backoffice browser, a CU
     session was counted and it was not deactivated while POS session was active.
     In this situation, the session should be deactivated if CU limit has been
     reached.
   * Code for creating and checking active http sessions in context was not thread
     safe, so it was possible to get an error when checking if session was active while
     other sessions were created/destroyed in paralell. This has been fixed by
     synchronizing on active session set. Having solved previous issue this should
     not create excessive contentention as it will be executed only if: CU limit has
     been reached and there are sessions created by mobile modules exclude POS.

---
M src/org/openbravo/erpCommon/obps/ActivationKey.java
M src/org/openbravo/erpCommon/security/SessionListener.java
---
(0102359)
AugustoMauch   
2018-02-13 13:32   
Code reviewed and verified