Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-5352

session.tokenkey value randomly generated with quotes causing login issues to applications

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: High High
    • 3.3.6, 3.4.5
    • 3.3.0, 3.4.0
    • None
    • None

      Issue Summary

      session.tokenkey value sometimes generated with quotes. This can impact the SSO experience by unexpectedly overwriting cookies

      Environment

      • Crowd 3.3.3
      • Confluence any version

      Steps to Reproduce

      1. Connect Confluence and Crowd with SSO
      2. Login to Confluence as Crowd users
      3. Go to Browser Console, to check the session cookies generated

      Expected Results

      Session.tokenkey (or crowd.token_key) value will not have quotes

      Actual Results

      Session.tokenkey (or crowd.token_key) values will have quotes when an equal(=) sign exist in the token

      Looking into the HAR file, the token with quotes will have 1 pair of quotes being escaped that look something like this:

                    "name": "crowd.token_key",
                    "value": "\"xxxxxxxxxxxxxxxxx=\"",
      

      Notes

      • This issue not seen without SSO
      • This issue does not exists in Crowd version 3.2.5

      Workaround

      • As the Token is being generated randomly, the affected user can try to Log Out and re-Log In again to get a new token generated.
      • There are still chances that after re-logging the user still get another token with an equal(=) symbol in it and hitting into the same issue

        1. tokenkey.png
          57 kB
          Monique Khairuliana

              mmakowski Mareusz (Inactive)
              mkhairuliana Monique Khairuliana (Inactive)
              Votes:
              11 Vote for this issue
              Watchers:
              22 Start watching this issue

                Created:
                Updated:
                Resolved: