FishEye / FE-7420

Add an option for an administrator to clear all users' sessions and tokens


Details

    • Suggestion
    • Resolution: Unresolved
    • None
    • Server administration
    • None

    Description

      In case of any security incident, an administrator should be able to invalidate all users' sessions. This applies both to active Jetty server sessions (FESESSIONID) and to any 'remember me' tokens stored in cookies.

      Currently the only option is to run a `delete from cru_login_cookie` SQL command (to remove 'remember me' tokens) and to restart the server (to clear Jetty sessions).

      There should be an option in the admin panel to clear them without restarting the server.

      References:

      https://confluence.atlassian.com/kb/how-to-force-all-users-of-atlassian-on-prem-products-to-re-authenticate-their-sessions-on-the-browser-1141985219.html

       


          People

            Unassigned Unassigned
            mparfianowicz Marek Parfianowicz