Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
0037895Openbravo ERPA. Platformpublic2018-02-13 10:162018-02-13 13:32
immediateminorhave not tried
Production - Confirmed Stable
3.0PR17Q3 [^]
0037895: ConcurrentModificationException when working with SessionListener.activeHttpSessions
The following exception has been found in a customer log:

b45df575 2018-02-12 16:53:13,566 [ajp-bio-] ERROR - Error getting active session from context
        at java.util.HashMap$HashIterator.nextEntry(
        at java.util.HashMap$
        at org.openbravo.erpCommon.obps.ActivationKey.shouldDeactivateSession(
        at org.openbravo.erpCommon.obps.ActivationKey.deactivateTimeOutSessions(
        at org.openbravo.erpCommon.obps.ActivationKey.checkOPSLimitations(
        at org.openbravo.erpCommon.obps.ActivationKey.checkOPSLimitations(

The access to the SessionListener.activeHttpSessions Set is not being properly managed, as it is possible to add/remove elements from it while it is being iterated.
No tags attached.
blocks defect 0037893 closed alostale ConcurrentModificationException when working with SessionListener.activeHttpSessions 
Issue History
2018-02-13 10:23alostaleTypedefect => backport
2018-02-13 10:23alostaleTarget Version => 3.0PR17Q4.1
2018-02-13 12:57hgbotCheckin
2018-02-13 12:57hgbotNote Added: 0102353
2018-02-13 12:57hgbotStatusscheduled => resolved
2018-02-13 12:57hgbotResolutionopen => fixed
2018-02-13 12:57hgbotFixed in SCM revision => [^]
2018-02-13 13:32AugustoMauchNote Added: 0102359
2018-02-13 13:32AugustoMauchStatusresolved => closed
2018-02-13 13:32AugustoMauchFixed in Version => 3.0PR17Q4.1

2018-02-13 12:57   
Repository: erp/backports/3.0PR17Q4.1
Changeset: eadd42437276a775bf4516aa98765ee1d46eff31
Author: Asier Lostalé <asier.lostale <at>>
Date: Tue Feb 13 12:06:02 2018 +0100
URL: [^]

fixed bug 37895, fixed bug 37901: incorrect CU handling in concurrency and POS

  Concurrent Users management had two different problems:
   * If a backoffice session was reused in POS closing backoffice browser, a CU
     session was counted and it was not deactivated while POS session was active.
     In this situation, the session should be deactivated if CU limit has been
   * Code for creating and checking active http sessions in context was not thread
     safe, so it was possible to get an error when checking if session was active while
     other sessions were created/destroyed in paralell. This has been fixed by
     synchronizing on active session set. Having solved previous issue this should
     not create excessive contentention as it will be executed only if: CU limit has
     been reached and there are sessions created by mobile modules exclude POS.

M src/org/openbravo/erpCommon/obps/
M src/org/openbravo/erpCommon/security/
2018-02-13 13:32   
Code reviewed and verified