Uploaded image for project: 'Crowd'
  1. Crowd
  2. CWD-5352

session.tokenkey value randomly generated with quotes causing login issues to applications

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 3.3.0, 3.4.0
    • Fix Version/s: 3.3.6, 3.4.5
    • Component/s: None
    • Labels:
      None

      Description

      Issue Summary

      session.tokenkey value sometimes generated with quotes. This can impact the SSO experience by unexpectedly overwriting cookies

      Environment

      • Crowd 3.3.3
      • Confluence any version

      Steps to Reproduce

      1. Connect Confluence and Crowd with SSO
      2. Login to Confluence as Crowd users
      3. Go to Browser Console, to check the session cookies generated

      Expected Results

      Session.tokenkey (or crowd.token_key) value will not have quotes

      Actual Results

      Session.tokenkey (or crowd.token_key) values will have quotes when an equal(=) sign exist in the token

      Looking into the HAR file, the token with quotes will have 1 pair of quotes being escaped that look something like this:

                    "name": "crowd.token_key",
                    "value": "\"xxxxxxxxxxxxxxxxx=\"",
      

      Notes

      • This issue not seen without SSO
      • This issue does not exists in Crowd version 3.2.5

      Workaround

      • As the Token is being generated randomly, the affected user can try to Log Out and re-Log In again to get a new token generated.
      • There are still chances that after re-logging the user still get another token with an equal(=) symbol in it and hitting into the same issue

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mmakowski Mateusz Makowski
              Reporter:
              mkhairuliana Monique Khairuliana
              Votes:
              11 Vote for this issue
              Watchers:
              23 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: