Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
0038075Openbravo ERPA. Platformpublic2018-03-08 09:392018-03-12 11:27
highminorhave not tried
0038075: row created in ad_session after Tomcat expires session
Having browser's tab open after Tomcat expires session, Openbravo automatically shows login page. When this occurs a new row is wrongly created in ad_session table.
1. Log in Openbravo
2. Keep browser open for 1hr (or whatever timeout you configured in Tomcat)
   -> OK: login page is shown
      FAIL: check ad_session: there is a new row in with status F (Failed) and no username
related to defect 0030031 closed alostale row created in ad_session for same cookie after every erp logout 
related to defect 0038079 closed alostale row created in ad_session opening openbravo base url 
Issue History
2018-03-08 09:39alostaleNew Issue
2018-03-08 09:39alostaleAssigned To => platform
2018-03-08 09:39alostaleModules => Core
2018-03-08 09:39alostaleTriggers an Emergency Pack => No
2018-03-08 09:39alostaleRelationship addedrelated to 0030031
2018-03-08 09:40alostaleTag Attached: Performance
2018-03-08 12:39alostaleRelationship addedrelated to 0038079
2018-03-08 17:00alostaleAssigned Toplatform => alostale
2018-03-08 17:00alostaleReview Assigned To => caristu
2018-03-08 17:02hgbotCheckin
2018-03-08 17:02hgbotNote Added: 0103100
2018-03-08 17:02hgbotStatusnew => resolved
2018-03-08 17:02hgbotResolutionopen => fixed
2018-03-08 17:02hgbotFixed in SCM revision => [^]
2018-03-09 04:28hudsonbotCheckin
2018-03-09 04:28hudsonbotNote Added: 0103107
2018-03-12 11:27caristuNote Added: 0103150
2018-03-12 11:27caristuStatusresolved => closed
2018-03-12 11:27caristuFixed in Version => 3.0PR18Q2

2018-03-08 17:02   
Repository: erp/devel/pi
Changeset: cbec1a26a9f46301eba0c61de45d88e2dd996fe1
Author: Asier Lostalé <asier.lostale <at>>
Date: Thu Mar 08 16:59:52 2018 +0100
URL: [^]

fixed bug 38075: row created in ad_session after Tomcat expires session

  AuthenticationManger created a new ad_session row when trying to authenticate
  on an already invalidated session, which occurs on Tomcat session expiration.

  To prevent this, now ad_session records won't be created for empty username which
  is triggered by this case.

M src/org/openbravo/authentication/
2018-03-09 04:28   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: [^]
Maturity status: Test
2018-03-12 11:27   
Code reviewed + tested OK.