You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This issue was discovered by a client developer during the OPC IOP Workshop when he failed to active the session due to wrong username/password.
The OPC UA Specification Part 4 (1.04), chapter 5.6.4, says:
When the CloseSession Service is called before the Session is successfully activated, the Server shall reject the request if the SecureChannel is not the same as the one associated with the CreateSession request.
So I think in other cases the CloseSessionRequest shall be processed with good result, even if it has not been activated.
Also, if the authenticationToken of the of the CloseSessionRequest doesn't match the session of the currently used secure channel the stack calls the function getSessionByToken(). According to the specification the CloseSessionRequest should be rejected in this case.
Background Information / Reproduction Steps
Create a session and the close it without activating it first.
Checklist
Please provide the following information:
open62541 Version (release number or git tag): cce2d62
Other OPC UA SDKs used (client or server):
Operating system:
Logs (with UA_LOGLEVEL set as low as necessary) attached
Wireshark network dump attached
Self-contained code example attached
Critical issue
The text was updated successfully, but these errors were encountered:
Description
This issue was discovered by a client developer during the OPC IOP Workshop when he failed to active the session due to wrong username/password.
The OPC UA Specification Part 4 (1.04), chapter 5.6.4, says:
So I think in other cases the CloseSessionRequest shall be processed with good result, even if it has not been activated.
Also, if the authenticationToken of the of the CloseSessionRequest doesn't match the session of the currently used secure channel the stack calls the function getSessionByToken(). According to the specification the CloseSessionRequest should be rejected in this case.
Background Information / Reproduction Steps
Create a session and the close it without activating it first.
Checklist
Please provide the following information:
UA_LOGLEVEL
set as low as necessary) attachedThe text was updated successfully, but these errors were encountered: