0047257: Profile change invalidates current session, requiring log-in again

Openbravo Issue Tracking System - POS2

View Issue Details

Project

Category

View Status

Date Submitted

Last Update

0047257

POS2

POS

public

2021-06-28 10:50

2021-06-28 15:31

Reporter

cberner

Assigned To

cberner

Priority

high

Severity

critical

Reproducibility

have not tried

Status

closed

Resolution

fixed

Platform

OS Version

Product Version

Target Version

TAP

Fixed in Version

TAP

Merge Request Status

Review Assigned To

caristu

OBNetwork customer

Support ticket

Regression level

Regression date

Regression introduced in release

Regression introduced by commit

Triggers an Emergency Pack

Summary

0047257: Profile change invalidates current session, requiring log-in again

Description

When changing profile, the session is invalidated, making it impossible to switch profile or pay tickets without relogging. It is not possible to switch back to the previous profile either, without relogging.

This makes profile button/feature useless, as it requires marking by default a profile, instead of using the expected switch to x profile, as expected.

In backend when the profile changes this is the message that appears in tomcat log:
2021-06-28 10:39:38,095 [http-nio-8080-exec-1] ERROR org.openbravo.mobile.core.process.MobileService - CSRF token check failed. Request=/openbravo/org.openbravo.mobile.core.service.jsonrest/org.openbravo.retail.posterminal.OrderLoader, SessionID=A0A04E29ED22683F1153877A5C1CAED7, SessionToken=3F503F025D9D40629D3BFDC99098FDD5, RequestToken=8FB1701AE7E14C48B6D25C88F2E8E4A7

Steps To Reproduce

1. Open and login in WebPOS
2. Click on user and Profile, change it to something else
3. Try to pay a ticket, or opening profile popup again. (it will fail with a similar error as in attached screenshot)

You may reproduce it in livebuilds: https://livebuilds.openbravo.com/retail_pos2_pgsql/web/pos/?terminal=VBS-2 [^]

Proposed Solution

Additional Information