Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0004327 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] C. Security | major | always | 2008-07-04 15:27 | 2008-09-04 12:06 | |||
| Reporter | roklenardic | View Status | public | |||||
| Assigned To | alostale | |||||||
| Priority | high | Resolution | fixed | Fixed in Version | 2.40 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | 6647 | ||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Linux 32 bit | Database | Oracle | Java version | 1.6 | |||
| OS Version | Ubuntu 8.04 | Database version | XE 10g | Ant version | 1.7.0 | |||
| Product Version | 2.40alpha-r3 | SCM revision | ||||||
| Review Assigned To | ||||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0004327: Session Timeout | |||||||
| Description | Within the web.xml there is a setting <session-config> <session-timeout>60</session-timeout> </session-config> which should set the authenticated session to expire after 60minutes. I set that to 1 (yes, the one in WEB-INF context folder) to test if it does expire and could not get it to expire. no kind of inactivity expired the session. Am I doing something wrong or is it a bug? | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||||||||||||||||
|
||||||||||||||||||||||
 Relationships |
|
Notes |
|
|
(0008396) cromero (reporter) 2008-07-23 22:37 |
The problem is due alerts are throwing each 50 seconds a consult to db in order to update if there are new alerts. Modifying the alert update time (now it is hardcoded in the menu.html file) to a value bigger than session timeout time, the timeout time will be effective. |
|
(0008399) alostale (manager) 2008-07-24 10:25 |
Once defect 0004500 is fixed, this bug would have an easy workarround (the one mentioned by cromero). Anyway the solution for this one should make the alert checks not to reset the session timer. |
|
(0008424) svnbot (reporter) 2008-07-29 16:39 |
Repository: openbravo Revision: 6029 Author: gorka_gil Date: 2008-07-29 16:39:03 +0200 (Tue, 29 Jul 2008) Fixed issue 4327 Now, alerts don't reset the session timeout --- A branches/sessiontimeout/src-core/src/org/openbravo/utils/SessionExpirationFilter.java U branches/sessiontimeout/src-wad/src/org/openbravo/wad/web.xml --- https://dev.openbravo.com/websvn/openbravo/?rev=6029&sc=1 [^] |
|
(0008735) svnbot (reporter) 2008-08-25 18:46 |
Repository: openbravo Revision: 6546 Author: gorka_gil Date: 2008-08-25 18:46:40 +0200 (Mon, 25 Aug 2008) [r2.40] Related to issue 4327 fix session timeout in branch r2.40 --- U branches/r2.40/src-wad/src/org/openbravo/wad/web.xml --- https://dev.openbravo.com/websvn/openbravo/?rev=6546&sc=1 [^] |
|
(0008736) svnbot (reporter) 2008-08-25 18:48 |
Repository: openbravo Revision: 6547 Author: gorka_gil Date: 2008-08-25 18:48:00 +0200 (Mon, 25 Aug 2008) [r2.40] Related to issue 4327 fix session timeout in branch r2.40 --- A branches/r2.40/src-core/src/org/openbravo/utils/SessionExpirationFilter.java --- https://dev.openbravo.com/websvn/openbravo/?rev=6547&sc=1 [^] |
|
(0008779) svnbot (reporter) 2008-08-29 10:59 |
Repository: openbravo Revision: 6647 Author: gorka_gil Date: 2008-08-29 10:59:37 +0200 (Fri, 29 Aug 2008) Fixed bug 4327 fix session timeout --- A trunk/src-core/src/org/openbravo/utils/SessionExpirationFilter.java U trunk/src-wad/src/org/openbravo/wad/web.xml --- https://dev.openbravo.com/websvn/openbravo/?rev=6647&sc=1 [^] |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2008-07-04 15:27 | roklenardic | New Issue | |
| 2008-07-04 15:27 | roklenardic | Assigned To | => cromero |
| 2008-07-04 15:27 | roklenardic | sf_bug_id | 0 => 2010648 |
| 2008-07-07 09:52 | cromero | Status | new => scheduled |
| 2008-07-07 09:52 | cromero | Assigned To | cromero => alostale |
| 2008-07-07 09:52 | cromero | fix_in_branch | => trunk |
| 2008-07-09 17:22 | cromero | Relationship added | has duplicate 0004359 |
| 2008-07-22 18:36 | pjuvara | Severity | minor => major |
| 2008-07-22 18:36 | pjuvara | fix_in_branch | trunk => |
| 2008-07-22 18:42 | pjuvara | Priority | normal => high |
| 2008-07-23 22:37 | cromero | Note Added: 0008396 | |
| 2008-07-24 10:23 | alostale | Relationship added | related to 0004500 |
| 2008-07-24 10:25 | alostale | Note Added: 0008399 | |
| 2008-07-29 16:39 | svnbot | Checkin | |
| 2008-07-29 16:39 | svnbot | Note Added: 0008424 | |
| 2008-07-29 16:39 | svnbot | Status | scheduled => resolved |
| 2008-07-29 16:39 | svnbot | Resolution | open => fixed |
| 2008-07-29 16:39 | svnbot | svn_revision | => 6029 |
| 2008-08-25 18:46 | svnbot | Checkin | |
| 2008-08-25 18:46 | svnbot | Note Added: 0008735 | |
| 2008-08-25 18:46 | svnbot | svn_revision | 6029 => 6546 |
| 2008-08-25 18:48 | svnbot | Checkin | |
| 2008-08-25 18:48 | svnbot | Note Added: 0008736 | |
| 2008-08-25 18:48 | svnbot | svn_revision | 6546 => 6547 |
| 2008-08-29 10:59 | svnbot | Checkin | |
| 2008-08-29 10:59 | svnbot | Note Added: 0008779 | |
| 2008-08-29 10:59 | svnbot | svn_revision | 6547 => 6647 |
| 2008-09-04 12:06 | psarobe | Regression testing | => No |
| 2008-09-04 12:06 | psarobe | Status | resolved => closed |
| 2008-09-04 12:06 | psarobe | Fixed in Version | => 2.40 |
| 2009-01-27 22:17 | dbaz | Relationship added | related to 0007173 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |