Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0004020 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| feature request | [Openbravo ERP] C. Security | minor | have not tried | 2008-06-17 16:32 | 2009-10-13 00:12 | |||
| Reporter | jordimas | View Status | public | |||||
| Assigned To | iciordia | |||||||
| Priority | normal | Resolution | no change required | Fixed in Version | ||||
| Status | closed | Fix in branch | Fixed in SCM revision | |||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Linux 32 bit | Database | PostgreSQL | Java version | ||||
| OS Version | Ubuntu 7.1 | Database version | 8.14 | Ant version | ||||
| Product Version | pi | SCM revision | ||||||
| Review Assigned To | ||||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0004020: AD_SESSION grows and logout.html does not exists | |||||||
| Description | Hello, I assume that the original idea behind AD_SESSION was to keep a list of the valid sessions. However, the entries are added but never removed. The "close session" button references to an HTML called /security/Logout.html that seems do not exist. Jordi, | |||||||
| Tags | ToBeReviewed | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|
 Relationships |
|
Notes |
|
|
(0007834) cromero (reporter) 2008-06-18 14:58 |
The security/Logout.html is just a mapping used in Tomcat to redirect to the class org.openbravo.erpCommon.security.Logout, so it does not mind if the Logout.html exists or not. You can view this in the web.xml file in the WEB-INF folder in Tomcat/webbapps/yourcontext. |
|
(0007966) roklenardic (developer) 2008-06-23 20:22 |
The AD_SESSION was not designed to keep track of live sessions. That's something Tomcat does internally. AD_SESSION is right now used to keep a log of people who logged in (and where they logged in from - the IP) and if they logged out (PROCESSED = Y). Good feature for security purposes. |
|
(0020945) iciordia (manager) 2009-10-13 00:11 |
Currently this issue makes no sense |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2008-06-17 16:32 | jordimas | New Issue | |
| 2008-06-17 16:32 | jordimas | Assigned To | => cromero |
| 2008-06-17 16:32 | jordimas | sf_bug_id | 0 => 1996177 |
| 2008-06-17 16:33 | jpabloae | Issue Monitored: jpabloae | |
| 2008-06-17 16:49 | jordimas | Issue Monitored: jordimas | |
| 2008-06-18 14:58 | cromero | Note Added: 0007834 | |
| 2008-06-23 18:30 | cromero | Assigned To | cromero => alostale |
| 2008-06-23 18:30 | cromero | Type | defect => feature request |
| 2008-06-23 20:22 | roklenardic | Note Added: 0007966 | |
| 2008-11-16 07:43 | pjuvara | Assigned To | alostale => pjuvara |
| 2008-11-16 12:06 | pjuvara | Tag Attached: ToBeReviewed | |
| 2009-05-22 19:36 | pjuvara | Assigned To | pjuvara => iciordia |
| 2009-10-13 00:11 | iciordia | Status | new => closed |
| 2009-10-13 00:11 | iciordia | Note Added: 0020945 | |
| 2009-10-13 00:12 | iciordia | Resolution | open => no change required |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |