-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
2.9.1
-
13
-
Severity 3 - Minor
-
6
-
Summary
Crowd SSO does not update last login date for Users from Confluence DataCenter because of Cookie Set
Environment
Crowd 2.9.1
Confluence 5.9.9 Datacenter
Steps to Reproduce
- Configure Crowd and Confluence DataCenter with SSO.
- Have UserA login to Confluence. UserA automatically gets a "Remember Me" cookie.
- Check the Crowd database for the last login time of UserA and it shows the login from step2.
- Quit the browser from Step2.
- Open a new browser, go to the Confluence login and UserA is still logged in because DataCenter automatically had the "Remember Me" option enabled.
- Check the Crowd database for the last login time of UserA and it still shows the login time from Step 2 and did not update with the login time from step 5. In the Confluence admin section UserA's login time shows from step5.
Expected Results
Crowd should update the database with the last login time since the Confluence datavase is updating the last login time even though the "Remember me" cookie is set.
Actual Results
Crowd does not sync with Confluence for the last login time when the "Remember me" cookie is set. Confluence Datacenter automatically enables the cookie and there is not an option to disable the cookie.
Notes
This issue was reported by a Premiere customer in PS-5882. The customer is using the last login time in Crowd to disable users that are not active for X amount of days so they do not have to query each individual Atlassian application and can just query Crowd. This is related to CWD-4749.
Workaround
No workaround
