Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
0037929Openbravo ERPA. Platformpublic2018-02-15 12:042018-02-20 13:21
alostale 
alostale 
immediateminorhave not tried
closedfixed 
5
 
3.0PR18Q13.0PR18Q1 
caristu
Core
Production - Confirmed Stable
2016-05-02
3.0PR17Q3
http://code.openbravo.com/erp/pmods/org.openbravo.mobile.core/rev/0bd874e354593cfb98d714cf2e0dd54e4864295b [^]
No
0037929: sys admin sessions created after reaching CU limit are not automatically kicked out
After concurrent users limit is reached, only users with System Admin role are allowed to log in the application.

When this limit is reached, before rejecting new logins, it is checked if there are logged in session that were inactive for the last 2 minutes and if so they are kicked out so log in is accepted.

System Admin sessions created in this situation are not automatically kicked out, so they only get deactivated releasing its CU after manual log out or after Tomcat timeout. They should be kicked out also if they were inactive for 2 minutes.
In an instance activated with 1 CU limit:

1. Log in with Openbravo user (session 1)
2. In another browser log in with Openbravo user (session 2)
   -> Warn about CU limit reached is displayed, but log in is allowed with only access to System Admin role
3. Without logging out, close browsers with session 1 and 2
4. Wait 3 minutes
5. Log in with a user that has NO access to System Admin
   -> ERROR: Login is rejected
      EXPECTED: Login should be allowed because sessions 1 and 2 should have been kicked out because they were inactive for more than 2 minutes
No tags attached.
blocks defect 0037928 closed alostale sys admin sessions created after reaching CU limit are not automatically kicked out 
Issue History
2018-02-15 12:11alostaleTypedefect => backport
2018-02-15 12:11alostaleTarget Version => 3.0PR18Q1
2018-02-15 13:04hgbotCheckin
2018-02-15 13:04hgbotNote Added: 0102436
2018-02-15 13:04hgbotStatusscheduled => resolved
2018-02-15 13:04hgbotResolutionopen => fixed
2018-02-15 13:04hgbotFixed in SCM revision => http://code.openbravo.com/erp/backports/3.0PR18Q1/rev/4306e87ae836caaf0fd36216986dae3c960d727a [^]
2018-02-20 13:21caristuReview Assigned ToAugustoMauch => caristu
2018-02-20 13:21caristuNote Added: 0102526
2018-02-20 13:21caristuStatusresolved => closed
2018-02-20 13:21caristuFixed in Version => 3.0PR18Q1

Notes
(0102436)
hgbot   
2018-02-15 13:04   
Repository: erp/backports/3.0PR18Q1
Changeset: 4306e87ae836caaf0fd36216986dae3c960d727a
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Thu Feb 15 13:01:08 2018 +0100
URL: http://code.openbravo.com/erp/backports/3.0PR18Q1/rev/4306e87ae836caaf0fd36216986dae3c960d727a [^]

fixed bug 37929: sys admin CUR sessions are not automatically kicked out

  System Admin CUR session (created when CU limit is reached), consume CU but
  were not kicked out after inactivity period before rejecting other logins.

  Fixed by including CUR sessions in the ones that are automatically always
  killed if no ping is detected for 2 minutes.

---
M src/org/openbravo/erpCommon/ad_process/HeartbeatProcess.java
M src/org/openbravo/erpCommon/obps/ActivationKey.java
---
(0102526)
caristu   
2018-02-20 13:21   
Reviewed