When logging in Jira from the mobile app the session does not expire

XMLWordPrintable

    • 2
    • Severity 2 - Major

      Issue Summary

      If a user logs into Jira from the mobile app the session does not have an inactivity time out as it happens for browser sessions

      Steps to Reproduce

      1. log into Jira Cloud from the mobile app
      2. leave it idle for ... any time
      3. you will not be logged out

      Expected Results

      One would expect that there is an inactivity timeout of some sort. This could be the same as the browser defined timeout at the organization level, or a specific timeout for mobile sessions, considering that mobile experience is different and users are not used to be timed out. In any case no timeout at all is a serious security problem (one that is becoming more and more critical following the COVID crisis)

      Actual Results

      The user is never logged out

      Workaround

      The only available workaround for the Admin seems to be to deactivate the user. 1h after deactivation the user will be kicked out of the mobile session

            Assignee:
            Vlad Svidersky
            Reporter:
            Giulio Iannazzo
            Votes:
            0 Vote for this issue
            Watchers:
            11 Start watching this issue

              Created:
              Updated:
              Resolved: