Cross tenant PO reading request detected from session for table AD_User Record_ID
google forum thread
Issue: user was not able to log into our internal iDempiere.
Popup appear : Cross tenant PO reading request detected from session for table AD_User Record_ID=1001793
2 tenants (1000001 and 1000002), and each people has a user in the two tenants (with same LDAPUser).
Password are stored in LDAPUser
Her AD_User_ID are 1001793 and 1001794.
Here's the log:
From what I understand, the program sets ClientID 1000001 in the Context, but PO object loaded was from clientID 1000002.
No, I means either to set #AD_Client_ID to 0 or reset the thread local context at around line 150 of LoginWindow. #AD_Client_ID should not have been set at that point.
Even if you raise an exception or logout zk, we still have to clean up the environment context at that point since the thread will goes back to jetty’s thread pool after completion of the request/event.
I think the most likely source of issue is report/process, scheduler or background job (run as job). A thread is leave will thread local environment context before goes back to the jetty thread pool.
Hi - do you mean adding
as line 1313?
I did lots of tests and was never able to reproduce the issue, so I’m just fixing it based on the stacktrace.
Or maybe a better patch would be to do a complete zk logout when this situation is found? It sounds like something that must not happen.
I think we should make sure #AD_Client_ID is 0 at the point as well:
at org.adempiere.webui.panel.LoginPanel.validateLogin(LoginPanel.java:580) at org.adempiere.webui.window.LoginWindow.onEvent(LoginWindow.java:166)