Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 3.3.6, 3.4.5
Affects Version/s: 3.3.0, 3.4.0
Component/s: None
Labels:
None

Support reference count:
13
Symptom Severity:
Severity 3 - Minor
UIS:
262
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Issue Summary

session.tokenkey value sometimes generated with quotes. This can impact the SSO experience by unexpectedly overwriting cookies

Environment

Crowd 3.3.3
Confluence any version

Steps to Reproduce

Connect Confluence and Crowd with SSO
Login to Confluence as Crowd users
Go to Browser Console, to check the session cookies generated

Expected Results

Session.tokenkey (or crowd.token_key) value will not have quotes

Actual Results

Session.tokenkey (or crowd.token_key) values will have quotes when an equal(=) sign exist in the token

Looking into the HAR file, the token with quotes will have 1 pair of quotes being escaped that look something like this:

              "name": "crowd.token_key",
              "value": "\"xxxxxxxxxxxxxxxxx=\"",

Notes

This issue not seen without SSO
This issue does not exists in Crowd version 3.2.5

Workaround

As the Token is being generated randomly, the affected user can try to Log Out and re-Log In again to get a new token generated.
There are still chances that after re-logging the user still get another token with an equal(=) symbol in it and hitting into the same issue

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

tokenkey.png
57 kB
30/Jan/2019 3:00 PM

Issue Links

mentioned in: Page Loading...

Activity

People

Assignee:: Mareusz (Inactive)

Reporter:: Monique Khairuliana (Inactive)

Votes:: 11 Vote for this issue

Watchers:: 22 Start watching this issue

Dates

Created:: 30/Jan/2019 2:47 PM

Updated:: 19/Aug/2019 8:01 AM

Resolved:: 23/May/2019 12:21 PM