0041344: After HTTP Session timeout, new requests from Web POS cause the insertion of a record in AD_SESSION with username NULL

Openbravo Issue Tracking System - Retail Modules
View Issue Details

ID	Project	Category	View Status	Date Submitted	Last Update
0041344	Retail Modules	StoreServer	public	2019-07-12 12:14	2022-02-01 08:05

Reporter	mauricio_peccorini
Assigned To	Triage Platform Base
Priority	high	Severity	minor	Reproducibility	always
Status	new	Resolution	open
Platform		OS	5	OS Version	Any
Product Version
Target Version		Fixed in Version
Merge Request Status
Review Assigned To
OBNetwork customer
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency Pack	No

Summary	0041344: After HTTP Session timeout, new requests from Web POS cause the insertion of a record in AD_SESSION with username NULL
Description	The AuthenticationManager in use is: ->org.openbravo.authentication.AuthenticationManager -->org.openbravo.authentication.basic.DefaultAuthenticationManager ---> org.openbravo.mobile.core.authenticate.MobileKeyAuthenticationManager ----> org.openbravo.retail.alerting.authenticate.AlertingAuthenticationManager Change set versions: core: a4a442cd90a4 module org.openbravo.mobile.core: 558f27c4e7b9 module org.openbravo.retail.alerting: a7f0636d29d7 If the HTTP Session timeout in Tomcat or the load balancer is shorter than the time it takes for Web POS to lock the terminal. Whenever the session has expired, any new request from Web POS will fail, but a new record will be created in AD_SESSION with the following characteristics: 1. The field 'username' is null 2. The field 'login_status' is 'S' instead of 'OBPOS_POS' 3. The field 'em_obpos_store_org_id' is null 4. The field 'websession' has a different value from the original session record 4. Other relevant fields have the same information, including 'em_obpos_applications_id' Note this issue is reproducible also with MobileKeyAuthenticationManager
Steps To Reproduce	1. Setup the session timeout to 1 minute either in Tomcat or the load balancer (if there is one) 2. Log on to Web POS and start the creation of a ticket 3. Wait for the HTTP session to expire 4. Perform any action that generates a request to the server (i.e.: search for a business partner) 5. Query AD_SESSION for records created in the past few minutes, there will be two records from the terminal in use, one with the appropriate data and one as described above Questionable behavior: - With DefatultAuthenticantionManager, after Tomcat expires session, user is requested to log in again. With MobileKeyAuthenticationManager they are transparently logged in. Incorrect behavior: - New session created in AD_Session - This new session is of type S which consumes backend user - This session lacks some info (username...)
Proposed Solution
Additional Information
Tags	No tags attached.
Relationships
Attached Files

Issue History
Date Modified	Username	Field	Change
2019-07-12 12:14	mauricio_peccorini	New Issue
2019-07-12 12:14	mauricio_peccorini	Assigned To	=> platform
2019-07-12 12:14	mauricio_peccorini	Web browser	=> Google Chrome
2019-07-12 12:14	mauricio_peccorini	Modules	=> Core
2019-07-12 12:14	mauricio_peccorini	Triggers an Emergency Pack	=> No
2019-07-12 13:19	guillermogil	Web browser	Google Chrome => Google Chrome
2019-07-31 15:41	alostale	Project	Openbravo ERP => Retail Modules
2019-07-31 15:46	alostale	Category	A. Platform => StoreServer
2019-07-31 15:46	alostale	version	3.0PR19Q1 =>
2019-07-31 15:46	alostale	Target Version	3.0PR19Q1 =>
2019-07-31 15:46	alostale	Description Updated	bug_revision_view_page.php?rev_id=19233#r19233
2019-07-31 15:46	alostale	Steps to Reproduce Updated	bug_revision_view_page.php?rev_id=19235#r19235
2022-02-01 08:05	alostale	Assigned To	platform => Triage Platform Base

There are no notes attached to this issue.