Uploaded image for project: 'Crowd'
  1. Crowd
  2. CWD-5352

session.tokenkey value randomly generated with quotes causing login issues to applications

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • High
    • Resolution: Fixed
    • 3.3.0, 3.4.0
    • 3.3.6, 3.4.5
    • None
    • None

    Description

      Issue Summary

      session.tokenkey value sometimes generated with quotes. This can impact the SSO experience by unexpectedly overwriting cookies

      Environment

      • Crowd 3.3.3
      • Confluence any version

      Steps to Reproduce

      1. Connect Confluence and Crowd with SSO
      2. Login to Confluence as Crowd users
      3. Go to Browser Console, to check the session cookies generated

      Expected Results

      Session.tokenkey (or crowd.token_key) value will not have quotes

      Actual Results

      Session.tokenkey (or crowd.token_key) values will have quotes when an equal(=) sign exist in the token

      Looking into the HAR file, the token with quotes will have 1 pair of quotes being escaped that look something like this:

                    "name": "crowd.token_key",
                    "value": "\"xxxxxxxxxxxxxxxxx=\"",
      

      Notes

      • This issue not seen without SSO
      • This issue does not exists in Crowd version 3.2.5

      Workaround

      • As the Token is being generated randomly, the affected user can try to Log Out and re-Log In again to get a new token generated.
      • There are still chances that after re-logging the user still get another token with an equal(=) symbol in it and hitting into the same issue

      Attachments

        1. tokenkey.png
          57 kB
          Monique Khairuliana

        Issue Links

          Activity

            People

              mmakowski Mareusz
              mkhairuliana Monique Khairuliana (Inactive)
              Votes:
              11 Vote for this issue
              Watchers:
              22 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: