  1. Crowd Data Center
  2. CWD-2062

Crowd token reuse causes issues

Details

    • Suggestion
    • Resolution: Unresolved

    Description

      Crowd token reuse is based only on IP address, not user agent. This can mean that two different user agents can interfere with each other's sessions on the same machine, or behind the same firewall on different machines. A specific instance of the problem is with the Bamboo Eclipse connector, which doesn't check to see if the user is already logged in before sending a username and password. This causes the existing cookie to be invalidated on the server side, which, because it's the same token as used by a browser on the same host, causes the browser to be logged out. Token reuse, if necessary, should at least take into account the user agent.

          People

            Unassigned
            jroper James Roper [Atlassian]
            Votes: 5
            Watchers: 7
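The collision described in this issue, as an added example that is not part of the original report and is not Crowd's code: a toy token store whose reuse key is either (user, IP) or (user, IP, user agent). The class and function names, the sample IP and the user-agent strings are constructed, and including the user name in the reuse key is an assumption.

```python
import secrets


class TokenStore:
    """Toy session-token store; a simplified model, not Crowd's implementation."""

    def __init__(self, include_user_agent):
        self.include_user_agent = include_user_agent
        self.by_key = {}    # reuse key -> token currently issued for that key
        self.valid = set()  # tokens the server still accepts

    def _reuse_key(self, user, ip, user_agent):
        # Assumption: the user name is part of the key in both variants.
        if self.include_user_agent:
            return (user, ip, user_agent)
        return (user, ip)

    def authenticate(self, user, ip, user_agent):
        """Credential login that does not first check for an existing session."""
        key = self._reuse_key(user, ip, user_agent)
        old = self.by_key.get(key)
        if old is not None:
            # The token sharing this reuse key is invalidated server-side.
            self.valid.discard(old)
        token = secrets.token_hex(16)
        self.by_key[key] = token
        self.valid.add(token)
        return token

    def is_valid(self, token):
        return token in self.valid


def browser_survives_connector_login(include_user_agent):
    """Browser logs in, then a second client on the same IP sends credentials."""
    store = TokenStore(include_user_agent)
    ip = "192.0.2.10"  # constructed sample address (documentation range)
    browser_token = store.authenticate("alice", ip, "Mozilla/5.0 (constructed)")
    store.authenticate("alice", ip, "eclipse-connector (constructed)")
    return store.is_valid(browser_token)


if __name__ == "__main__":
    print("IP-only reuse key, browser still logged in:",
          browser_survives_connector_login(False))
    print("IP + user agent key, browser still logged in:",
          browser_survives_connector_login(True))
```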