0046303: Review if context change check mechanism should be deleted

Description

With every backend request, it is checked whether the current context (client, org, user, role) has changed[1]. If changed, a confirmation is shown to the user in order to log in again.

In 3.0PR19Q1 version the CSRF token control mechanism was implemented. This is
a security token that changes with every new session.

So we have two mechanisms that keeps control about session changes. We should review if we can safely delete the context check on every request and use just the CSRF token control.

[1] https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/blob/master/web/org.openbravo.mobile.core/app/integration/remote-server/BackendServer.js#L62 [^]

Steps To Reproduce

Proposed Solution

Remove the context change check mechanism, in case we confirm that it can be safely replaced with the CSRF token check.

Tags

No tags attached.

Attached Files

Relationships [ Relation Graph ] [ Dependency Graph ]

related to	defect	0046302		closed	caristu	Retail Modules	Context change is not properly checked in some requests
related to	feature request	0039123		closed	jarmendariz	Openbravo ERP	Add CSRF Token support

Notes
There are no notes attached to this issue.

Issue History
Date Modified	Username	Field	Change
2021-04-20 08:10	caristu	New Issue
2021-04-20 08:10	caristu	Assigned To	=> Retail
2021-04-20 08:10	caristu	Triggers an Emergency Pack	=> No
2021-04-20 08:10	caristu	Issue generated from	0046302
2021-04-20 08:10	caristu	Relationship added	related to 0046302
2021-04-20 08:10	caristu	Relationship added	related to 0039123
2021-04-20 08:11	caristu	Description Updated	View Revisions