Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-7106

Remember-me authentication sometimes doesn't work

XMLWordPrintable

      NOTE
      In 3.7.1, we'll be shipping a workaround that makes the remember-me problem less likely to occur. This workaround will however not completely eliminate all remember-me problems.
      A real fix for the problem (a rewrite of the remember-me functionality) is expected to ship in 3.8.0.

      A race condition has been discovered in remember-me authentication where two parallel HTTP requests provide the same remember-me cookie to Stash.

      The first request authenticates successfully and a new remember-me token is generated and returned to the browser.

      The second request attempts to authenticate using the -now stale- token and is rejected. Furthermore, Stash detects that it is a stale token and as a safety precaution against cookie theft attacks invalidates all remember-me tokens for the user, including the new cookie that was just returned.

            [BSERV-7106] Remember-me authentication sometimes doesn't work

            Owen made changes -
            Workflow Original: Stash Workflow - Restricted [ 1447314 ] New: JAC Bug Workflow v3 [ 3136797 ]
            Frank Doherty made changes -
            Link New: This issue is related to BSERVDEV-15051 [ BSERVDEV-15051 ]
            Owen made changes -
            Workflow Original: Stash Workflow [ 833248 ] New: Stash Workflow - Restricted [ 1447314 ]
            Roger Barnes (Inactive) made changes -
            Remote Link Original: This issue links to "Page (Extranet)" [ 96153 ] New: This issue links to "Page (Extranet)" [ 96153 ]
            Roger Barnes (Inactive) made changes -
            Remote Link Original: This issue links to "Page (Extranet)" [ 96153 ] New: This issue links to "Page (Extranet)" [ 96153 ]
            Roger Barnes (Inactive) made changes -
            Remote Link Original: This issue links to "Page (Extranet)" [ 112668 ] New: This issue links to "Page (Extranet)" [ 112668 ]
            Roger Barnes (Inactive) made changes -
            Remote Link Original: This issue links to "Page (Extranet)" [ 95734 ] New: This issue links to "Page (Extranet)" [ 95734 ]
            Nick made changes -
            Remote Link Original: This issue links to "Page (Extranet)" [ 96153 ] New: This issue links to "Page (Extranet)" [ 96153 ]
            Roger Barnes (Inactive) made changes -
            Remote Link Original: This issue links to "Page (Extranet)" [ 95734 ] New: This issue links to "Page (Extranet)" [ 95734 ]
            Roger Barnes (Inactive) made changes -
            Remote Link Original: This issue links to "Page (Extranet)" [ 96153 ] New: This issue links to "Page (Extranet)" [ 96153 ]

              mheemskerk Michael Heemskerk (Inactive)
              mheemskerk Michael Heemskerk (Inactive)
              Affected customers:
              3 This affects my team
              Watchers:
              11 Start watching this issue

                Created:
                Updated:
                Resolved: