Anonymous | Login

Project:

News | My View | View Issues | Roadmap | Summary

View Issue Details[ Jump to Notes ]

[ Issue History ] [ Print ]

ID

0050872

Type

Category

Severity

Reproducibility

Date Submitted

Last Update

defect

[Openbravo ERP] A. Platform

critical

have not tried

2022-11-14 10:00

2022-11-14 15:43

Reporter

AugustoMauch

View Status

public

Assigned To

AugustoMauch

Priority

normal

Resolution

fixed

Fixed in Version

PR23Q1

Status

closed

Fix in branch

Fixed in SCM revision

Projection

none

ETA

none

Target Version

OS

Any

Database

Any

Java version

OS Version

Database version

Ant version

Product Version

SCM revision

Review Assigned To

Web browser

Modules

Core

Regression level

Regression date

Regression introduced in release

Regression introduced by commit

Triggers an Emergency Pack

No

Summary

0050872: Timeout of Openbravo standard session is set to very low value if a request to a webservice is done using that session

Description

In Openbravo there are at least two different session timeout configurations:
- For standard session the value defined in the session-timeout context parameter is used (default: 60 minutes) [1]
- For webservice sessions the timeout is defined to a much smaller value (default: 60 seconds) [2]

The problem is that within a standard Openbravo session a request is done to a webservice endpoint, the timeout of the standard session will be set to the timeout of webservice sessions (60 seconds). We should only do that if the session was created as a result of the the webservice request.

[1] https://gitlab.com/openbravo/product/openbravo/-/blob/master/src-db/database/sourcedata/AD_MODEL_OBJECT_PARA.xml#L255 [^]
[2] https://gitlab.com/openbravo/product/openbravo/-/blob/master/src/org/openbravo/service/web/BaseWebServiceServlet.java#L133 [^]

Steps To Reproduce

- Login in the Openbravo backoffice, i.e. https://livebuilds.openbravo.com/erp_pi_pgsql [^]
- Do not interact with the backoffice for two minutes and then try to open any window (i.e. Sales Order). This will work as expected because the timeout for standard sessions is longere
- Within that session make a request to a webservice (i.e. by entering this in the browser url input: https://livebuilds.openbravo.com/erp_pi_pgsql/org.openbravo.service.json.jsonrest/Country [^])
- Wait for a couple of minutes and try to open any window. You will not be able because the session will have expired

Tags

No tags attached.

Relationships [ Relation Graph ] [ Dependency Graph ]

depends on	backport	0050873	PR22Q4.1	closed	AugustoMauch	Openbravo ERP	Timeout of Openbravo standard session is set to very low value if a request to a webservice is done using that session
depends on	backport	0050874	PR22Q3.3	closed	AugustoMauch	Openbravo ERP	Timeout of Openbravo standard session is set to very low value if a request to a webservice is done using that session
has duplicate	defect	0050545		closed	Triage Platform Base	POS2	"Session is in an unrecoverable offline" message displayed even if failing request was not done to backend of Openbravo

Notes
(0143506) hgbot (developer) 2022-11-14 10:45	Merge Request created: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/758 [^]

(0143572) hgbot (developer) 2022-11-14 15:43	Merge request merged: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/758 [^]

(0143573) hgbot (developer) 2022-11-14 15:43	Directly closing issue as related merge request is already approved. Repository: https://gitlab.com/openbravo/product/openbravo [^] Changeset: 59fd2d688f04a4a90d3bf041b9f23a03836c7244 Author: Augusto Mauch <augusto.mauch@openbravo.com> Date: 14-11-2022 10:46:08 URL: https://gitlab.com/openbravo/product/openbravo/-/commit/59fd2d688f04a4a90d3bf041b9f23a03836c7244 [^] Fixes ISSUE-50872: ws request should not update inactive interval in standard sessions Sessions created as a result of webservice requests are supposed to expire before standard sessions (1 minute vs 60 minutes by default). To force the shorter expiration date of webservice sessions, the max inactive timeout was set to the smaller value each time a request to a webservice is received. The problem is that if the request to the webservice was done as part of a standard session, we were making the standard session short lived as well, and that was not supposed to happen. To fix this, now the max inactive timeout is given a small value only if the session was created as a result of the webservice request --- M src/org/openbravo/service/web/BaseWebServiceServlet.java ---

Issue History
Date Modified	Username	Field	Change
2022-11-14 10:00	AugustoMauch	New Issue
2022-11-14 10:00	AugustoMauch	Assigned To	=> AugustoMauch
2022-11-14 10:00	AugustoMauch	Modules	=> Core
2022-11-14 10:00	AugustoMauch	Triggers an Emergency Pack	=> No
2022-11-14 10:01	AugustoMauch	Status	new => scheduled
2022-11-14 10:45	hgbot	Note Added: 0143506
2022-11-14 15:43	hgbot	Resolution	open => fixed
2022-11-14 15:43	hgbot	Status	scheduled => closed
2022-11-14 15:43	hgbot	Note Added: 0143572
2022-11-14 15:43	hgbot	Fixed in Version	=> PR23Q1
2022-11-14 15:43	hgbot	Note Added: 0143573
2022-11-14 15:46	AugustoMauch	Relationship added	has duplicate 0050545

Copyright © 2000 - 2009 MantisBT Group