  1. Jira Align
  2. JIRAALIGN-3298

Ideation: External Ideation Users are able to create ideas in an ideation group that they are not authorized for

Details

    • 1
    • Severity 1 - Critical
    • No

    Description

      Issue Summary

      • External Ideation Users are able to create ideas in an ideation group that they are not authorized for.

      Steps to Reproduce

      1. Set up two Ideation Groups: a "Mozilla" ideation group and a "Safari" ideation group
      2. Configure external URLs for each, and allow external user registration
      3. Have an external user, "John Doe", register on Mozilla
      4. As a Jira Align Ideation Admin, authorize that user
      5. Have the user log in to Mozilla's external URL and file a new Idea
      6. Open a new tab (same browser)
      7. Browse to Safari's external URL
      8. Notice an error message (red toaster) like the one below:
        "An access request has been sent to this group's administrator." (see bug JIRAALIGN-3292 for details)
      9. Go back to the Mozilla tab
      10. Click the Create New Idea button, type in details as necessary, then Save
      11. Notice the new Idea gets created in the Safari ideation group, not Mozilla
      12. Notice the user is able to open all Safari ideas displayed on the Ideation grid

      Expected Results

      • New ideas should be created in the Ideation group that the user is (a) authorized for and (b) logged in to in the tab currently in focus.

      Actual Results

      • Browser cookies get changed when browsing between two or more ideation groups
      • Creating an idea after switching between tabs ends up creating the idea in a different ideation group
      • An unauthorized user gets access to the ideas of a given ideation group
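
The behaviour listed under Actual Results, as an added example: a constructed model, not Jira Align code and not part of the original report. It assumes one cookie-keyed session holds a single "current group" shared by all tabs; the class, the cookie value and the `strict` flag are hypothetical, and `strict=True` shows the check the Expected Results call for.

```python
# Constructed model of the behaviour in this report; not Jira Align code.
# Assumption: one cookie-keyed session holds a single "current group"
# that every tab of the browser shares.
ACCESS_MSG = "An access request has been sent to this group's administrator."

class Forbidden(Exception):
    pass

class IdeationServer:
    def __init__(self, authorized, strict):
        self.authorized = authorized   # user -> set of groups the admin approved
        self.strict = strict           # False: reported behaviour, True: hardened
        self.sessions = {}             # cookie value -> {"user", "group"}
        self.ideas = {}                # group -> list of idea titles

    def _allowed(self, session, group):
        return group in self.authorized.get(session["user"], set())

    def login(self, cookie, user, group):
        session = {"user": user, "group": group}
        if not self._allowed(session, group):
            raise Forbidden(group)
        self.sessions[cookie] = session

    def visit(self, cookie, group):
        """A tab opens a group's external URL."""
        session = self.sessions[cookie]
        ok = self._allowed(session, group)
        if ok or not self.strict:
            session["group"] = group   # weak mode switches context even when denied
        return "ok" if ok else ACCESS_MSG

    def create_idea(self, cookie, tab_group, title):
        """tab_group is the group whose page the submitting tab displays."""
        session = self.sessions[cookie]
        # Weak mode trusts the shared session; strict mode uses the tab's own group.
        group = tab_group if self.strict else session["group"]
        if self.strict and not self._allowed(session, group):
            raise Forbidden(group)
        self.ideas.setdefault(group, []).append(title)
        return group

def replay(strict):
    """Steps 5-11 with constructed data; returns where the second idea lands."""
    srv = IdeationServer({"john.doe": {"Mozilla"}}, strict)
    srv.login("cookie-1", "john.doe", "Mozilla")
    srv.create_idea("cookie-1", "Mozilla", "first idea")    # step 5
    assert srv.visit("cookie-1", "Safari") == ACCESS_MSG    # steps 6-8
    return srv.create_idea("cookie-1", "Mozilla", "second idea")  # steps 9-11
```

In the model, the denied visit still overwrites the shared session's group, which is why the Mozilla tab's next save lands in Safari; the hardened path takes the group from the submitting request and checks it against the user's authorized groups on every write.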

      Workaround

      • Currently there is no known workaround for this behavior. A workaround will be added here when available.

            People

              cgottlieb@atlassian.com Caz (Inactive)
              rcortez@atlassian.com Rodrigo Cortez
              Votes: 1
              Watchers: 4
