Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0050872 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] A. Platform | critical | have not tried | 2022-11-14 10:00 | 2022-11-14 15:43 | |||
| Reporter | AugustoMauch | View Status | public | |||||
| Assigned To | AugustoMauch | |||||||
| Priority | normal | Resolution | fixed | Fixed in Version | PR23Q1 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | |||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Merge Request Status | approved | |||||||
| Review Assigned To | ||||||||
| OBNetwork customer | No | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Support ticket | ||||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0050872: Timeout of Openbravo standard session is set to very low value if a request to a webservice is done using that session | |||||||
| Description | In Openbravo there are at least two different session timeout configurations: - For standard session the value defined in the session-timeout context parameter is used (default: 60 minutes) [1] - For webservice sessions the timeout is defined to a much smaller value (default: 60 seconds) [2] The problem is that within a standard Openbravo session a request is done to a webservice endpoint, the timeout of the standard session will be set to the timeout of webservice sessions (60 seconds). We should only do that if the session was created as a result of the the webservice request. [1] https://gitlab.com/openbravo/product/openbravo/-/blob/master/src-db/database/sourcedata/AD_MODEL_OBJECT_PARA.xml#L255 [^] [2] https://gitlab.com/openbravo/product/openbravo/-/blob/master/src/org/openbravo/service/web/BaseWebServiceServlet.java#L133 [^] | |||||||
| Steps To Reproduce | - Login in the Openbravo backoffice, i.e. https://livebuilds.openbravo.com/erp_pi_pgsql [^] - Do not interact with the backoffice for two minutes and then try to open any window (i.e. Sales Order). This will work as expected because the timeout for standard sessions is longere - Within that session make a request to a webservice (i.e. by entering this in the browser url input: https://livebuilds.openbravo.com/erp_pi_pgsql/org.openbravo.service.json.jsonrest/Country [^]) - Wait for a couple of minutes and try to open any window. You will not be able because the session will have expired | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|||||||||||||||||||||||||
|
|||||||||||||||||||||||||
 Relationships |
|
Notes |
|
|
(0143506) hgbot (developer) 2022-11-14 10:45 |
Merge Request created: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/758 [^] |
|
(0143572) hgbot (developer) 2022-11-14 15:43 |
Merge request merged: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/758 [^] |
|
(0143573) hgbot (developer) 2022-11-14 15:43 |
Directly closing issue as related merge request is already approved. Repository: https://gitlab.com/openbravo/product/openbravo [^] Changeset: 59fd2d688f04a4a90d3bf041b9f23a03836c7244 Author: Augusto Mauch <augusto.mauch@openbravo.com> Date: 14-11-2022 10:46:08 URL: https://gitlab.com/openbravo/product/openbravo/-/commit/59fd2d688f04a4a90d3bf041b9f23a03836c7244 [^] Fixes ISSUE-50872: ws request should not update inactive interval in standard sessions Sessions created as a result of webservice requests are supposed to expire before standard sessions (1 minute vs 60 minutes by default). To force the shorter expiration date of webservice sessions, the max inactive timeout was set to the smaller value each time a request to a webservice is received. The problem is that if the request to the webservice was done as part of a standard session, we were making the standard session short lived as well, and that was not supposed to happen. To fix this, now the max inactive timeout is given a small value only if the session was created as a result of the webservice request --- M src/org/openbravo/service/web/BaseWebServiceServlet.java --- |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2022-11-14 10:00 | AugustoMauch | New Issue | |
| 2022-11-14 10:00 | AugustoMauch | Assigned To | => AugustoMauch |
| 2022-11-14 10:00 | AugustoMauch | OBNetwork customer | => No |
| 2022-11-14 10:00 | AugustoMauch | Modules | => Core |
| 2022-11-14 10:00 | AugustoMauch | Triggers an Emergency Pack | => No |
| 2022-11-14 10:01 | AugustoMauch | Status | new => scheduled |
| 2022-11-14 10:45 | hgbot | Merge Request Status | => open |
| 2022-11-14 10:45 | hgbot | Note Added: 0143506 | |
| 2022-11-14 12:44 | hgbot | Merge Request Status | open => approved |
| 2022-11-14 15:43 | hgbot | Resolution | open => fixed |
| 2022-11-14 15:43 | hgbot | Status | scheduled => closed |
| 2022-11-14 15:43 | hgbot | Note Added: 0143572 | |
| 2022-11-14 15:43 | hgbot | Fixed in Version | => PR23Q1 |
| 2022-11-14 15:43 | hgbot | Note Added: 0143573 | |
| 2022-11-14 15:46 | AugustoMauch | Relationship added | has duplicate 0050545 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |