  1. FishEye
  2. FE-7420

Add an option for an administrator to clear all users' sessions and tokens


    • Type: Suggestion
    • Resolution: Unresolved
    • None
    • Server administration
    • None

      In case of any security incident, an administrator should be able to invalidate all users' sessions. This applies to both active Jetty server sessions (FESESSIONID) as well as any 'remember me' tokens stored in cookies.

      Currently the only option is to run a `delete from cru_login_cookie` SQL command (to remove 'remember me' tokens) and to restart the server (to clear Jetty sessions).

      There shall be an option in the admin panel to clear those without restarting the server.

      References:

      https://confluence.atlassian.com/kb/how-to-force-all-users-of-atlassian-on-prem-products-to-re-authenticate-their-sessions-on-the-browser-1141985219.html

       

              Unassigned Unassigned
              mparfianowicz Marek Parfianowicz