Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0054156
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] A. Platformmajorhave not tried2023-12-18 18:082023-12-18 18:12
ReporterablascoView Statuspublic 
Assigned ToTriage Platform Base 
PrioritynormalResolutionopenFixed in Version
StatusnewFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0054156: Race-Condition - Deferred Login State Initialization During the Login Process

DescriptionSometimes, the Login state requires the definition of the sessionID variable to verify whether we are inside or outside the application.

During the Login load ( or refresh ), various processes (such as loading Masterdata, backendserver initialization, among others) can be executed in parallel, and the definition of sessionID is a resource that may not be defined in some cases.

There are certain processes dependent on sessionID to identify that they are running within the application. (For example, the Backend Server initializes various Timeouts, such as the LogoutSession Dialog.)

If the system is overloaded with other processes, most of the time it will work, establishing the sessionID variable.

However, if the system is fast and lightweight ( not so common ), it may happen that the session variable resource is not defined for a condition, creating a conflict that may fail to initialize some background processes.

Therefore, there is a possibility that some functionalities might not work due to a race-condition, and in cases where they do work, it is due to the overload of processes.

This can be verified by slowing down the 3G throttle from Chrome Developer Tools.

There may be times when the session variable is well defined during the Login process, but it should also be considered that refreshing the page can reinitialize the sessionID variable and cause a conflict.
Steps To ReproduceHow to check sessionTimeout Case:
In Chrome Developer Tools.

- Add a logpoint in registerAutomaticSessionTimeout() method and review Login SessionID inside of it.

"IsLoginWindow ", OB.App.View.isLoginWindow()

- In login window , this method should give true. Inside the aplication should be false, because this method use sessionId to check if sessionID is null or not.
- Refresh Window. -> The value should give false inside the application during BackendServer initialization but it doesn't due to race-condition.


When is it working
- In network, we could uncheck "No throttling" and change this value to "Slow 3G"
- Refresh window again. --> SessionID is set before and the conditional could execute the BackendServer code correctly.


*See GIF attached.
In that test, we are using the following logpoint.

"IsLoginWindow ", !OB.App.View.isLoginWindow(),"IsLogginIn ", OB.App.Security.isLoggingIn()
TagsNo tags attached.
Attached Filesgif file icon AutoSessionThrottle.gif [^] (3,023,025 bytes) 2023-12-18 18:08

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2023-12-18 18:08 ablasco New Issue
2023-12-18 18:08 ablasco Assigned To => Triage Platform Base
2023-12-18 18:08 ablasco File Added: AutoSessionThrottle.gif
2023-12-18 18:08 ablasco Modules => Core
2023-12-18 18:08 ablasco Triggers an Emergency Pack => No
2023-12-18 18:09 ablasco Description Updated View Revisions
2023-12-18 18:12 ablasco Steps to Reproduce Updated View Revisions

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker