
Using browser back button after logout shows page content

    • Type: Bug
    • Resolution: Cannot Reproduce
    • Priority: High

      Summary

      After logging out of Crowd, it is possible to use the browser back button to view the previous pages. Though you cannot click through links or interact with the data, it is still visible, which could be problematic with sensitive information on pages or the admin panel.

      Steps to Reproduce

      1. Browse through Confluence
      2. Log out of Confluence
      3. Press the "back" button in the browser

      Expected Results

      1. You will be required to log in
      2. Or receive a permissions issue

      Actual Results

      1. You're able to view the complete contents of the previous page

      Notes

      This was previously addressed in Bitbucket: BSERV-6996

      Workaround

      1. You can clear the browser cache after logging out to avoid this

            [CWD-4877] Using browser back button after logout shows page content

            Monique Khairuliana (Inactive) made changes -
            Epic Link Original: CWD-4704 [ 600140 ]
            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 - restricted [ 1766330 ] New: JAC Bug Workflow v3 [ 3365849 ]
            Owen made changes -
            Symptom Severity Original: Minor [ 14432 ] New: Severity 3 - Minor [ 15832 ]
            Gaurav Agarwal (Inactive) made changes -
            Remote Link Original: This issue links to "Page (Extranet)" [ 372721 ]
            Gaurav Agarwal (Inactive) made changes -
            Remote Link New: This issue links to "Page (Extranet)" [ 372721 ]
            Gaurav Agarwal (Inactive) made changes -
            Resolution New: Cannot Reproduce [ 5 ]
            Status Original: Open [ 1 ] New: Closed [ 6 ]
            Gaurav Agarwal (Inactive) made changes -
            Security Original: Reporter and Atlassian Staff [ 10751 ]

            Gaurav Agarwal (Inactive) added a comment -

            We've tested Crowd 3.1.1 using all the supported browsers:

            • Chrome - Version 63.0.3239.84
            • Internet Explorer - 11
            • Mozilla Firefox - Version 57.0.2
            • Safari - Version 11.0.2 (12604.4.7.1.4)

            The cache headers we currently add in Crowd are enough to prevent the behaviour with all the supported browsers. Closing as not reproducible.
            Gaurav Agarwal (Inactive) made changes -
            Remote Link New: This issue links to "KRAK-1022 (JIRA Server)" [ 339924 ]
            Marcin Kempa made changes -
            Remote Link New: This issue links to "Page (Extranet)" [ 339439 ]
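
The closing comment relies on cache headers without listing them. As an added example (not Atlassian's code and not taken from this issue), the Python check below classifies an authenticated page's response headers by whether the browser may keep a copy to show on Back after logout. The function names `parse_cache_control` and `audit` and the sample header sets are constructed for illustration.

```python
# Added example: audit an authenticated page's response headers for the
# "Back button after logout" exposure. Header sets below are constructed.
import re

def parse_cache_control(values):
    """Merge Cache-Control header values into {directive: argument or None}."""
    directives = {}
    for value in values:
        # Split on commas, but not on commas inside a quoted-string argument.
        for part in re.findall(r'(?:[^,"]|"(?:\\.|[^"\\])*")+', value):
            name, _, arg = part.strip().partition("=")
            if name.strip():
                directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def audit(headers):
    """headers: list of (name, value) pairs. Returns findings; empty means OK."""
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)
    cc = parse_cache_control(by_name.get("cache-control", []))
    findings = []
    if "no-store" not in cc:
        findings.append("no-store missing: browser may keep a copy of the page")
        if "no-cache" in cc or cc.get("max-age") == "0":
            findings.append("no-cache/max-age=0 only ask for revalidation; "
                            "a history (Back) navigation may skip it")
    if "public" in cc:
        findings.append("public lets shared caches store an authenticated page")
    pragma = [v.strip().lower() for v in by_name.get("pragma", [])]
    if not cc and "no-cache" in pragma:
        findings.append("Pragma: no-cache alone is a legacy field, "
                        "not a substitute for Cache-Control")
    return findings

SAMPLES = {  # constructed header sets, not captured from Crowd
    "hardened": [("Cache-Control", "no-cache, no-store, must-revalidate"),
                 ("Pragma", "no-cache"), ("Expires", "0")],
    "revalidate_only": [("Cache-Control", "private, no-cache")],
    "legacy": [("Pragma", "no-cache")],
    "public": [("cache-control", "public, max-age=3600")],
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(label, audit(headers) or "OK")
```

To audit a real deployment, pass `audit` the header pairs from a response captured while logged in, for each page type that shows sensitive data.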

              Assignee: Unassigned
              Reporter: Robert Louie (rlouie)