Deepesh,
Can you confirm that you
1) Used two different browsers, like Firefox and IE
2) Checked the URL to see if the sessionId of the two windows was the same.

If the sessionId of both windows is the same, then consider this normal behavior. This issue is resolved by some frameworks by introducing conversation scope.

Regards
Anil Patel


On Feb 9, 2009, at 8:05 AM, Deepesh Kapoor wrote:

Guys, I followed the steps to trace the behavior. To be more precise, I took these steps:
1. Used two different browser windows.
2. Used two different parties and simultaneously moved forward to create an order.
Result:
Only one order gets created (the first one) and the second browser gives the error message. According to me there is nothing unexpected in this; it would be great if you could elaborate on the behavior you noticed.

Regards
--
Deepesh

Divesh Dutta wrote:
I tried these steps and found the same behavior. I think this is a bug. Please correct us if we are wrong somewhere.

Divesh

Hi,

I recently discovered there was a major bug in the create order in the 'Order' application. To reproduce the bug, please do as follows:

Log in to the admin side and select 2 different parties in the 'party' application in 2 different browser windows, and proceed to create an order for, say, party A in window A. Now, when you are on the last screen to confirm/create the order, just stop there and do not press the submit button.

Now, in window 2, for party B, proceed just as above and stop on the last page before submitting the order.

Now, select window 1 and press the submit order button for party A.

This should have created an order for party A, with the items contained in the shopping cart of party A, but you will probably see that the shipping address associated with the order is that of party B.

In substance, if one tries to create orders simultaneously in the 'order' application, ofbiz may throw unexpected results. And this is not just a bug, but a huge security issue too.

Please do let me know if it happens for others too, in which case I will open a JIRA issue for the same.

Thanks,

Rohit
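
A minimal model of the behaviour discussed in this thread, added here as an example and not taken from any of the messages or from OFBiz: two windows that share one session id overwrite a single session-scoped checkout slot, while a per-window conversation id keeps their state apart. All names (`SessionStore`, the `begin_*`/`submit_*` functions, the sample session id, parties and addresses) are hypothetical and constructed for illustration.

```python
import secrets

class SessionStore:
    """Server-side state keyed by session id (hypothetical model, not OFBiz code)."""
    def __init__(self):
        self._data = {}

    def attrs(self, session_id):
        return self._data.setdefault(session_id, {})

def begin_session_scoped(store, sid, party, ship_to):
    # One checkout slot per session: the window that writes last wins.
    store.attrs(sid)["checkout"] = {"party": party, "ship_to": ship_to}

def submit_session_scoped(store, sid):
    return dict(store.attrs(sid)["checkout"])

def begin_conversation_scoped(store, sid, party, ship_to):
    # Each window gets its own conversation id, echoed back in its form.
    cid = secrets.token_urlsafe(16)
    convs = store.attrs(sid).setdefault("conversations", {})
    convs[cid] = {"party": party, "ship_to": ship_to}
    return cid

def submit_conversation_scoped(store, sid, cid, form_party):
    state = store.attrs(sid).get("conversations", {}).pop(cid, None)
    if state is None:
        raise LookupError("unknown or already submitted conversation")
    if state["party"] != form_party:
        raise ValueError("form party does not match server-side state")
    return state

def demo():
    sid = "constructed-session-id"  # both windows share this session
    store = SessionStore()
    begin_session_scoped(store, sid, "party A", "address of A")  # window 1
    begin_session_scoped(store, sid, "party B", "address of B")  # window 2
    shared = submit_session_scoped(store, sid)  # window 1 submits

    conv_a = begin_conversation_scoped(store, sid, "party A", "address of A")
    begin_conversation_scoped(store, sid, "party B", "address of B")
    isolated = submit_conversation_scoped(store, sid, conv_a, "party A")
    return shared, isolated

if __name__ == "__main__":
    print(demo())
```

The submit-time comparison between the party named in the form and the party held server-side is the check that turns a silent mix-up into a rejected request.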




