0046303: Review if context change check mechanism should be deleted

Openbravo Issue Tracking System - Retail Modules

View Issue Details

Project

Category

View Status

Date Submitted

Last Update

0046303

Retail Modules

Web POS

public

2021-04-20 08:10

2021-04-20 08:11

Reporter

caristu

Assigned To

Retail

Priority

high

Severity

minor

Reproducibility

have not tried

Status

new

Resolution

open

Platform

OS Version

Product Version

Target Version

Fixed in Version

Merge Request Status

Review Assigned To

OBNetwork customer

Support ticket

Regression level

Regression date

Regression introduced in release

Regression introduced by commit

Triggers an Emergency Pack

Summary

0046303: Review if context change check mechanism should be deleted

Description

With every backend request, it is checked whether the current context (client, org, user, role) has changed[1]. If changed, a confirmation is shown to the user in order to log in again.

In 3.0PR19Q1 version the CSRF token control mechanism was implemented. This is
a security token that changes with every new session.

So we have two mechanisms that keeps control about session changes. We should review if we can safely delete the context check on every request and use just the CSRF token control.

[1] https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/blob/master/web/org.openbravo.mobile.core/app/integration/remote-server/BackendServer.js#L62 [^]

Steps To Reproduce

Proposed Solution

Remove the context change check mechanism, in case we confirm that it can be safely replaced with the CSRF token check.

Additional Information

Tags

No tags attached.

Relationships

related to	defect	0046302		closed	caristu	Retail Modules	Context change is not properly checked in some requests
related to	feature request	0039123		closed	jarmendariz	Openbravo ERP	Add CSRF Token support