Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0002224 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] C. Security | minor | always | 2007-11-01 21:28 | 2008-11-26 14:02 | |||
| Reporter | pjuvara | View Status | public | |||||
| Assigned To | alostale | |||||||
| Priority | normal | Resolution | fixed | Fixed in Version | 2.40alpha-r2 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | |||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Merge Request Status | ||||||||
| Review Assigned To | ||||||||
| OBNetwork customer | No | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Support ticket | ||||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0002224: AT235: Users with two clients see transactions in wrong one | |||||||
| Description | Problem Description =================== A user having access to two clients (client A and client B) can see a transaction created in one client from the other client. Environment =========== 2.35 Acceptance Testing Postgre How To Reproduce ================ In a standard installation with BigBazaar client, create a second client and call it ClientB. In ClientB, create a sales order header and save it. Without logging out, switch role to BigBazaar Admin and navigate to the sales order window. The window behavior is such that it queries back the last transaction queried by the user, regardless of the client context. As a result, the sales order created in ClientB is retrieved in BigBazaar client. Notes ===== This is not a security issue since the user has access to that transaction in the first place, but further attempts to process that transaction might give unpredictable results and cause data corruption. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|
 Relationships |
|
Notes |
|
|
(0002584) psarobe (viewer) 2008-01-24 09:53 edited on: 2008-06-12 09:23 |
Logged In: YES user_id=1500703 Originator: NO Regarding on this: Also check this issue. Environment =========== 2.35 ORACLE, Linux Steps to reproduce ================== -Working with two clients. Client A, client B -One of the client, e.g Client A, must have a preference for Sales Order window where the attribute must be C_DOCTYPETARGET_ID with value the ID for the document type "Standard order" for that client A -To do this go to General Setup->Application->Preferences -Then login with Client B and go to Financial management->Accounting->Setup->Document type and see which document type has the check "Default" mark. If it is "Standard Order" or "Returned material" mark then unmark. Mark another one, for example Warehouse order -Logout and login again with client B and go to Sales management->Transactions->Sales order -Click new and see if in the Transaction document it is the value "Warehouse Order". Then OK -Now Logout and login with client A and go to Sales management->Transactions->Sales order -Click new and see if in the Transaction document it is the value Standard order. Then OK -Now Logout and login again with client B and go to Sales management->Transactions->Sales order -Click new and see if in the Transaction document it is the value "Return material". If it does, then it's wrong because it has to be "Warehouse Order". This happens because although I login with client B, and because I login before with client A, it still remains in the session the values for client A, instead of being removed when I login with another client (Client B) |
|
(0002585) alostale (viewer) 2008-05-12 10:21 edited on: 2008-06-12 09:23 |
Logged In: YES user_id=1500722 Originator: NO This is fixed within security review project |
|
(0005813) user71 2005-06-01 00:00 edited on: 2008-06-12 09:43 |
This bug was originally reported in SourceForge bug tracker and then migrated to Mantis. You can see the original bug report in: https://sourceforge.net/support/tracker.php?aid=1824278 [^] |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2008-11-26 14:02 | psarobe | Regression testing | => No |
| 2008-11-26 14:02 | psarobe | Status | resolved => closed |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |