Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0047888
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Retail Modules] Web POSmajorunable to reproduce2021-10-20 06:572021-11-26 14:36
ReporteralostaleView Statuspublic 
Assigned Toplatform 
PriorityurgentResolutionopenFixed in Version
StatusnewFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget VersionRR22Q1
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0047888: checkServerAvailability does not fail even if the session is corrupted

DescriptionIf a session is corrupted and its csrf token is lost, POS goes offline on the next online POST request as it returns correctly 401 due to missing token, which is correct.

When in offline checkServerAvailability requests are sent, they respond with 200 so POS considers it is online, although the next POST request will also fail.
Steps To ReproduceAlthough it is unclear why the session got corrupted, this is part of a sequence of requests seen in an actual customer (attached the full sequence of requests received for that session):

1. 19:04 - 19:12 regular activity
2. 19:12:14 AppCacheManifest 200 -> reload page? Might the session be corrupted after this one
3. 19:21:09 ProcessCashClose 401 -> the request is sent without csrf token which makes the validation fail which makes the pos to go offline
4. checkServerAvailability every 10s 200 -> 3 successful requests make pos to go online
5. ProcessCashClose 401 -> actual request fails again so pos is offline again
6. repeats steps 4 and 5
Proposed SolutioncheckServerAvailability should include a csrf token check and in case it is not valid the user should be notified and sent back to login window as their session is not valid anymore.
TagsNo tags attached.
Attached Fileslog file icon 25390BD087868B3F5BEB2CDCEAD44D9E.log [^] (950,589 bytes) 2021-10-20 06:58

- Relationships Relation Graph ] Dependency Graph ]
related to feature request 0039123 closedjarmendariz Openbravo ERP Add CSRF Token support 

-  Notes
(0133308)
hgbot (developer)
2021-11-23 17:25

Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/303 [^]
(0133334)
hgbot (developer)
2021-11-24 18:25

Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/672 [^]
(0133391)
hgbot (developer)
2021-11-26 14:36

Merge Request created: https://gitlab.com/openbravo/ci/modules/org.openbravo.retail.samplebpintegration/-/merge_requests/5 [^]

- Issue History
Date Modified Username Field Change
2021-10-20 06:57 alostale New Issue
2021-10-20 06:57 alostale Assigned To => platform
2021-10-20 06:57 alostale Triggers an Emergency Pack => No
2021-10-20 06:57 alostale Steps to Reproduce Updated View Revisions
2021-10-20 06:58 alostale File Added: 25390BD087868B3F5BEB2CDCEAD44D9E.log
2021-10-20 07:14 alostale Relationship added related to 0039123
2021-11-16 16:54 egoitz Issue Monitored: egoitz
2021-11-23 17:25 hgbot Note Added: 0133308
2021-11-24 18:25 hgbot Note Added: 0133334
2021-11-26 14:36 hgbot Note Added: 0133391


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker