View Issue Details
ID | 0046303
Type | design defect
Category | [Retail Modules] Web POS
Severity | minor
Reproducibility | have not tried
Date Submitted | 2021-04-20 08:10
Last Update | 2021-04-20 08:11
Reporter | caristu
View Status | public
Assigned To | Retail
Priority | high
Resolution | open
Fixed in Version |
Status | new
Fix in branch |
Fixed in SCM revision |
Projection | none
ETA | none
Target Version |
OS | Any
Database | Any
Java version |
OS Version |
Database version |
Ant version |
Product Version |
SCM revision |
Review Assigned To |
Regression level |
Regression date |
Regression introduced in release |
Regression introduced by commit |
Triggers an Emergency Pack | No
Summary | 0046303: Review if context change check mechanism should be deleted
Description | With every backend request, it is checked whether the current context (client, org, user, role) has changed[1]. If changed, a confirmation is shown to the user in order to log in again. In the 3.0PR19Q1 version the CSRF token control mechanism was implemented. This is a security token that changes with every new session. So we have two mechanisms that keep control of session changes. We should review if we can safely delete the context check on every request and use just the CSRF token control. [1] https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/blob/master/web/org.openbravo.mobile.core/app/integration/remote-server/BackendServer.js#L62
Steps To Reproduce | .
Proposed Solution | Remove the context change check mechanism, in case we confirm that it can be safely replaced with the CSRF token check.
Tags | No tags attached.
Attached Files |
Issue History
Date Modified | Username | Field | Change
2021-04-20 08:10 | caristu | New Issue |
2021-04-20 08:10 | caristu | Assigned To | => Retail |
2021-04-20 08:10 | caristu | Triggers an Emergency Pack | => No |
2021-04-20 08:10 | caristu | Issue generated from | 0046302 |
2021-04-20 08:10 | caristu | Relationship added | related to 0046302 |
2021-04-20 08:10 | caristu | Relationship added | related to 0039123 |
2021-04-20 08:11 | caristu | Description Updated | View Revisions |