-
Type:
Bug
-
Resolution: Duplicate
-
Priority:
Medium
-
Component/s: User - Authentication
-
9
-
Severity 3 - Minor
-
3
Issue Summary
When an Atlassian Account session expires for the user in the browser, visiting a Confluence cloud site that allows anonymous access can result in an effect where the user does not see any spaces (even when spaces are anonymously allowed) and their session is not refreshed, nor are they prompted to log in. This bug also exists for unlicensed users in confluence (those with a license to JSM, but not confluence), when viewing a public space, since in this scenario they are gaining view permissions through the anonymous permission configured on the space.
This is reproducible on Data Center: (yes) / (no)
Steps to Reproduce
- Configure Confluence cloud to allow anonymous access for a site
- Access the site while logged in
- Wait for the idle session to expire (maybe put the PC to sleep)
- using the same window that was logged in, try to browse Confluence
NOTE: Using a reduced session idle time in the authentication policy for the user will aid greatly in reproducing this issue. Setting the time back to the default will greatly reduce the likelihood of encountering this issue.
Expected Results
Confluence should do one of the following:
- Access Confluence unauthenticated as the anonymous user
- Refresh the session and continue as the logged in user
- prompt the user to log into Confluence
Actual Results
User will appear to be unauthenticated, but will have no access to any confluence content. Attempting to log in using the UI in confluence will also not allow logging in properly.
Workaround
- Clearing cookies and cache in the browser
OR
- going to https://start.atlassian.com/ then logging out (if needed) and logging back in will resolve the issue
- is duplicated by
-
-
- Closed
-