ID: 0041344
Type: defect
Category: [Retail Modules] StoreServer
Severity: minor
Reproducibility: always
Date Submitted: 2019-07-12 12:14
Last Update: 2022-02-01 08:05
Reporter: mauricio_peccorini
View Status: public
Assigned To: Triage Platform Base
Priority: high
Resolution: open
Status: new
Projection: none
ETA: none
OS: Any
OS Version: Any
Database: Any
Database version: Any
Java version: Any
Ant version: Any
Triggers an Emergency Pack: No
Summary

0041344: After HTTP Session timeout, new requests from Web POS cause the insertion of a record in AD_SESSION with username NULL

Description
The AuthenticationManager in use is:
->org.openbravo.authentication.AuthenticationManager
-->org.openbravo.authentication.basic.DefaultAuthenticationManager
---> org.openbravo.mobile.core.authenticate.MobileKeyAuthenticationManager
----> org.openbravo.retail.alerting.authenticate.AlertingAuthenticationManager
Change set versions:
core: a4a442cd90a4
module org.openbravo.mobile.core: 558f27c4e7b9
module org.openbravo.retail.alerting: a7f0636d29d7

If the HTTP session timeout in Tomcat or the load balancer is shorter than the time it takes for Web POS to lock the terminal, then whenever the session has expired, any new request from Web POS will fail, but a new record will be created in AD_SESSION with the following characteristics:
1. The field 'username' is null
2. The field 'login_status' is 'S' instead of 'OBPOS_POS'
3. The field 'em_obpos_store_org_id' is null
4. The field 'websession' has a different value from the original session record
5. Other relevant fields have the same information, including 'em_obpos_applications_id'

Note this issue is reproducible also with MobileKeyAuthenticationManager
Steps To Reproduce
1. Set up the session timeout to 1 minute either in Tomcat or the load balancer (if there is one)
2. Log on to Web POS and start the creation of a ticket
3. Wait for the HTTP session to expire
4. Perform any action that generates a request to the server (e.g., search for a business partner)
5. Query AD_SESSION for records created in the past few minutes. There will be two records from the terminal in use: one with the appropriate data and one as described above

Questionable behavior:
- With DefaultAuthenticationManager, after Tomcat expires the session, the user is requested to log in again. With MobileKeyAuthenticationManager they are transparently logged in.

Incorrect behavior:
- New session created in AD_Session
- This new session is of type S which consumes backend user
- This session lacks some info (username...)
Tags: No tags attached.
- Notes
There are no notes attached to this issue.
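
The check from step 5, as an added example that is not part of the original report or of Openbravo's code: a query for the records described above, run against an in-memory SQLite table with constructed rows. The `ad_session_id` and `created` columns, the sample values and the function names are assumptions; the other column names come from the report.

```python
import sqlite3

# Columns username, login_status, em_obpos_store_org_id, websession and
# em_obpos_applications_id are named in the report; ad_session_id and
# created are assumed here as the key and creation-timestamp columns.
ORPHAN_SQL = """
SELECT o.ad_session_id,
       (SELECT p.ad_session_id FROM ad_session p
         WHERE p.em_obpos_applications_id = o.em_obpos_applications_id
           AND p.login_status = 'OBPOS_POS'
           AND p.websession <> o.websession
           AND p.created <= o.created
         ORDER BY p.created DESC LIMIT 1) AS original_id
  FROM ad_session o
 WHERE o.username IS NULL
   AND o.login_status = 'S'
   AND o.em_obpos_store_org_id IS NULL
   AND o.em_obpos_applications_id IS NOT NULL
   AND o.created >= ?
 ORDER BY o.created
"""

# Constructed sample rows, not data from a real system.
SAMPLE_ROWS = [
    ("S1", "cashier1", "OBPOS_POS", "STORE1", "ws-aaa", "TERM1", "2019-07-12 12:00:00"),
    ("S2", None, "S", None, "ws-bbb", "TERM1", "2019-07-12 12:02:00"),
    ("S3", "admin", "S", None, "ws-ccc", None, "2019-07-12 12:01:00"),
    ("S4", "cashier2", "OBPOS_POS", "STORE1", "ws-ddd", "TERM2", "2019-07-12 12:01:30"),
]

def build_sample_db():
    """Create an in-memory table holding only the columns the query needs."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE ad_session (
        ad_session_id TEXT PRIMARY KEY, username TEXT, login_status TEXT,
        em_obpos_store_org_id TEXT, websession TEXT,
        em_obpos_applications_id TEXT, created TEXT)""")
    conn.executemany("INSERT INTO ad_session VALUES (?,?,?,?,?,?,?)", SAMPLE_ROWS)
    return conn

def find_orphan_sessions(conn, since):
    """Return (orphan_id, original_id) pairs for rows created at or after `since`."""
    return conn.execute(ORPHAN_SQL, (since,)).fetchall()

if __name__ == "__main__":
    for orphan, original in find_orphan_sessions(build_sample_db(), "2019-07-12 11:55:00"):
        print(f"orphan session {orphan} shadows POS session {original}")
```

The `LIMIT 1` form works on SQLite and PostgreSQL; on Oracle the inner query needs a row-limiting equivalent.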

- Issue History
Date Modified Username Field Change
2019-07-12 12:14 mauricio_peccorini New Issue
2019-07-12 12:14 mauricio_peccorini Assigned To => platform
2019-07-12 12:14 mauricio_peccorini Web browser => Google Chrome
2019-07-12 12:14 mauricio_peccorini Modules => Core
2019-07-12 12:14 mauricio_peccorini Triggers an Emergency Pack => No
2019-07-12 13:19 guillermogil Web browser Google Chrome => Google Chrome
2019-07-31 15:41 alostale Project Openbravo ERP => Retail Modules
2019-07-31 15:46 alostale Category A. Platform => StoreServer
2019-07-31 15:46 alostale version 3.0PR19Q1 =>
2019-07-31 15:46 alostale Target Version 3.0PR19Q1 =>
2019-07-31 15:46 alostale Description Updated
2019-07-31 15:46 alostale Steps to Reproduce Updated
2022-02-01 08:05 alostale Assigned To platform => Triage Platform Base

