Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Won't Fix
Priority: Low
Fix Version/s: None
Affects Version/s: 2.4.1
Component/s: None
Labels:
None

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

CrowdHttpTokenHelperImpl.java:67 searches for the Crowd SSO token in cookies presented with the request. It does this by iterating over the cookies and exiting on the first cookie of the right name. This means that if two cookies with the same name - but different domains - are present, the one that Crowd tests is arbitrary.

Crowd should either:
1. search cookies in order from longest domain to shortest (so more specific tokens override less specific ones)
OR
2. return a set of SSO tokens to test rather than just one (so that override behaviour is controlled higher up).

This is a pretty esoteric bug, requiring different crowd servers servicing different overlapping domain namespaces (in my case, a test Crowd instance handling requests from tank.sydney.atlassian.com, and the global Crowd instance handling .atlassian.com)

Attachments

Issue Links

is duplicated by

CWD-4406 Crowd does not select the more specific SSO cookie and does not display any error message during login

Closed

mentioned in: Wiki Page Loading...

Activity

People

Assignee:: joe

Reporter:: BrendanA

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 23/Jul/2012 6:15 AM

Updated:: 15/Aug/2019 7:06 AM

Resolved:: 05/Jul/2013 7:06 AM