Anonymous | Login
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] A. Platformminorhave not tried2015-05-27 15:052017-06-02 18:22
ReportershuehnerView Statuspublic 
Assigned Toalostale 
PriorityhighResolutionfixedFixed in Version3.0PR17Q3
StatusclosedFix in branchFixed in SCM revision624c1fa5299c
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned Tocaristu
Web browser
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo

0030031: row created in ad_session for same cookie after every erp logout

DescriptionContext of testing:
[2:56:18 PM] Stefan Huehner: create ad_session with status F
[2:56:25 PM] Stefan Huehner: if you login that same row changes to status S
[2:56:44 PM] Stefan Huehner: if you logout that row changes to session_active=n
[2:56:49 PM] Stefan Huehner: browser shows login page
[2:57:05 PM] Stefan Huehner: and on top you get 2 more rows in ad_session with that same for 'websession' and status = F again

This but is about that last line.
Having active erp login
Doing normal logout (which redirects to login page)
Does create 2 ad_session entries for same cookie (aka column websession)
Steps To ReproduceGo to livebuilds. erp_pgsql_pi

now check ad_session content related to your logins (i.e. filter by your ip)
select ad_session_id,created,websession,remote_addr, username,login_status,* from ad_session where remote_addr = '<your client ip>' order by created desc limit 3;

An sql similar to that can be used to find the probably relevant rows assuming single user.

Note: livebuilds is example, probably reproducible in other systems (i.e. also noticed in online demo)
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
related to design defect 0035994 closedcaristu Web service calls should not create ad_session entries being in an instance with unlimited web service calls 
related to defect 0038075 closedalostale row created in ad_session after Tomcat expires session 
blocks defect 0038079 closedalostale row created in ad_session opening openbravo base url 
causes defect 0038566 closedcaristu Autologon and AuthenticationManagers using SSO not working 

-  Notes
caristu (developer)
2015-06-11 09:04
edited on: 2017-05-17 09:16

The behavior seems to be different depending on the browser.

 - Firefox: in this case, when logout is done, the code in index.jsp is called twice and therefore the authenticate method of AuthenticationManager is executed two times. For this reason, a double row with status "F" is created in ad_session table.

 - Chrome: in this case, when logout is done, one record is created with status "F". This is also wrong.

hgbot (developer)
2017-05-30 15:20

Repository: erp/devel/pi
Changeset: 624c1fa5299c05dd0de944b06e65e33b3a7da6a9
Author: Asier Lostalé <asier.lostale <at>>
Date: Tue May 30 15:17:57 2017 +0200
URL: [^]

fixed bug 30031: row created in ad_session for same cookie after erp logout

  Logout navigates to root page (index.jsp) which in case of not logged in,
  redirects to login page.

  By default jsp pages creates a HttpSession if it does not exist, so finally
  we got a HttpSession + an AD_Session entry.

  Fixed by preventing session creation in index.jsp, and redirecting to login
  page if no session detected.

M src/index.jsp
M src/org/openbravo/authentication/
hudsonbot (developer)
2017-05-30 20:59

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: [^]
Maturity status: Test
caristu (developer)
2017-06-02 18:22

Code reviewed + tested OK.

- Issue History
Date Modified Username Field Change
2015-05-27 15:05 shuehner New Issue
2015-05-27 15:05 shuehner Assigned To => platform
2015-05-27 15:05 shuehner Modules => Core
2015-05-27 15:05 shuehner Triggers an Emergency Pack => No
2015-06-05 09:03 alostale Status new => acknowledged
2015-06-05 09:04 alostale Target Version => 3.0PR15Q3
2015-06-09 08:57 alostale Status acknowledged => scheduled
2015-06-09 08:57 alostale Assigned To platform => caristu
2015-06-11 09:04 caristu Note Added: 0078204
2015-06-11 09:07 caristu Note Edited: 0078204 View Revisions
2015-06-11 09:08 caristu Note Edited: 0078204 View Revisions
2015-06-11 09:11 caristu Note Edited: 0078204 View Revisions
2015-06-29 10:49 alostale Target Version 3.0PR15Q3 =>
2015-11-11 12:12 alostale Status scheduled => acknowledged
2015-11-11 12:13 alostale Assigned To caristu => platform
2017-05-17 08:47 alostale Tag Attached: Performance
2017-05-17 08:48 alostale Priority normal => high
2017-05-17 08:49 caristu Relationship added related to 0035994
2017-05-17 09:15 caristu Note Edited: 0078204 View Revisions
2017-05-17 09:16 caristu Note Edited: 0078204 View Revisions
2017-05-30 15:13 alostale Summary Double row created in ad_session for same cookie after every erp logout => row created in ad_session for same cookie after every erp logout
2017-05-30 15:20 alostale Assigned To platform => alostale
2017-05-30 15:20 hgbot Checkin
2017-05-30 15:20 hgbot Note Added: 0097015
2017-05-30 15:20 hgbot Status acknowledged => resolved
2017-05-30 15:20 hgbot Resolution open => fixed
2017-05-30 15:20 hgbot Fixed in SCM revision => [^]
2017-05-30 15:21 alostale Review Assigned To => caristu
2017-05-30 20:59 hudsonbot Checkin
2017-05-30 20:59 hudsonbot Note Added: 0097038
2017-06-02 18:22 caristu Note Added: 0097114
2017-06-02 18:22 caristu Status resolved => closed
2017-06-02 18:22 caristu Fixed in Version => 3.0PR17Q3
2018-03-08 09:39 alostale Relationship added related to 0038075
2018-03-08 12:39 alostale Relationship added blocks 0038079
2018-05-24 17:50 caristu Relationship added causes 0038566

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker