Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0010320 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] A. Platform | major | have not tried | 2009-08-18 21:39 | 2009-08-21 00:00 | |||
| Reporter | shuehner | View Status | public | |||||
| Assigned To | shuehner | |||||||
| Priority | urgent | Resolution | fixed | Fixed in Version | ||||
| Status | closed | Fix in branch | Fixed in SCM revision | 59c0ede95a86 | ||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | pi | SCM revision | ||||||
| Merge Request Status | ||||||||
| Review Assigned To | ||||||||
| OBNetwork customer | No | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Support ticket | ||||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0010320: Exception in log always after pressing logout: Cannot create a session after the response has been committed | |||||||
| Description | After merging the obps security branch the following exception happens always when pressing the logout button: 36253 [http-8080-4] INFO org.openbravo.erpCommon.security.SessionListener - Closed session4FB7D467CE594D31AC9943F0AE16468D 36273 [http-8080-5] ERROR org.openbravo.erpCommon.security.Logout - Error captured: java.lang.IllegalStateException: Cannot create a session after the response has been committed at org.apache.catalina.connector.Request.doGetSession(Request.java:2301) at org.apache.catalina.connector.Request.getSession(Request.java:2075) at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:833) at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:844) at org.openbravo.authentication.basic.DefaultAuthenticationManager.logout(DefaultAuthenticationManager.java:112) at org.openbravo.base.secureApp.HttpSecureAppServlet.logout(HttpSecureAppServlet.java:466) at org.openbravo.erpCommon.security.Logout.doPost(Logout.java:37) at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) at org.openbravo.base.HttpBaseServlet.serviceInitialized(HttpBaseServlet.java:224) at org.openbravo.base.secureApp.HttpSecureAppServlet.service(HttpSecureAppServlet.java:327) ... | |||||||
| Steps To Reproduce | Login Logout see logfile/eclipse-console | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|
 Relationships |
|
Notes |
|
|
(0019022) shuehner (administrator) 2009-08-18 21:44 |
Problem is that on Logout the logout method in HSAS is called, which does invalidate the HTTP session (which is the technical logout), and then calls the logout method of the currently active AuthenticationManager. The DefaultAuthenticationManager does then try to remove the #Authenticated_user attribute from the session (which is already destroyed/invalidated). While doing this the code tries to recreated the seesion with getSession(true) which is not necessary and not possible after the session has been invalidated in the same response. |
|
(0019057) hgbot (developer) 2009-08-19 14:37 |
Repository: erp/devel/pi Changeset: 59c0ede95a86d4d18b3180c52f0947c8796b5cc1 Author: Stefan Hühner <stefan.huehner <at> openbravo.com> Date: Wed Aug 19 14:37:33 2009 +0200 URL: http://code.openbravo.com/erp/devel/pi/rev/59c0ede95a86d4d18b3180c52f0947c8796b5cc1 [^] Fixed 10320: On logout only remove the #Authenticated_user attribute, if the session has not already been invalidated - If it has not need to do anything otherwiese remove attribute without checking, as removeAttribute is a no-op with the attr missing --- M src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java --- |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-08-18 21:39 | shuehner | New Issue | |
| 2009-08-18 21:39 | shuehner | Assigned To | => shuehner |
| 2009-08-18 21:39 | shuehner | OBNetwork customer | => No |
| 2009-08-18 21:44 | shuehner | Note Added: 0019022 | |
| 2009-08-19 06:39 | rafaroda | Status | new => scheduled |
| 2009-08-19 14:37 | hgbot | Checkin | |
| 2009-08-19 14:37 | hgbot | Note Added: 0019057 | |
| 2009-08-19 14:37 | hgbot | Status | scheduled => resolved |
| 2009-08-19 14:37 | hgbot | Resolution | open => fixed |
| 2009-08-19 14:37 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/59c0ede95a86d4d18b3180c52f0947c8796b5cc1 [^] |
| 2009-08-20 13:53 | plujan | Status | resolved => closed |
| 2009-08-21 00:00 | anonymous | sf_bug_id | 0 => 2841478 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |