0007654: After session timeout the browser is redirected to the login page but the original servlet is still executed

Openbravo Issue Tracking System - Openbravo ERP

View Issue Details

Project

Category

View Status

Date Submitted

Last Update

0007654

Openbravo ERP

A. Platform

public

2009-02-18 18:12

2010-08-17 00:00

Reporter

shuehner

Assigned To

shuehner

Priority

low

Severity

minor

Reproducibility

have not tried

Status

closed

Resolution

duplicate

Platform

OS Version

Product Version

Target Version

Fixed in Version

Merge Request Status

Review Assigned To

OBNetwork customer

Web browser

Modules

Core

Support ticket

Regression level

Regression date

Regression introduced in release

Regression introduced by commit

Triggers an Emergency Pack

Summary

0007654: After session timeout the browser is redirected to the login page but the original servlet is still executed

Description

When the users session times out the following steps are executed:

1.) invalidate (delete) the http session
2.) send redirect (or ajax-error message) to the browser
3.) execute the original servlet with an empty session leading to unpredictable behavior

Step 3.) should not be executed. After step two the browser is sent to the login page and sending more data to the browser does not make sense. Additionally we did already logout the user (invalidate his session) so executing step 3.) cannot work as the is no current user to execute the action with.

Additionally checking the documentation for sendRedirect shows:
After using this method, the response should be considered to be committed and should not be written to.

Steps To Reproduce

Go to General Setup -> Application -> Module Management
Wait for the session to time out
Press the 'scan for updates button'
The browser response in the text error
But in the server/eclipse output and stacktrace/error is shown as the scanForUpdates servlet is executed without a valid user

Proposed Solution

Additional Information