Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

How to logout / TOO persistant login

k9t9
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
March 23, 2019

Dear ATLASSIAN / atlassian Community :

I have a very simple question :

How to definitely and unequivocally logout of this website ? ( community.atlassian.com )

Due to the nature of my work, I must quite frequently work on workstations that are not exclusively mine.  Also in our office some workstations are not exclusive .

After the (not-so-) recent change to the login method for ATLASSIAN products, we find it almost impossible to logout.  an automatic login will always occur with the last used ID/PWD.

Unless I / WE miss some absurdly obvious function or link ( and in that case - apologies )- The "logout" link is simply misleading in nature.

e.g. :

  • Two of my co-workers / colleagues signed-in in an airport lounge - and then took them almost an hour to try and reset the login - without success.
  • In our office - we are all forced to use ONE single username of the first unlucky user that logs in.
  • ..and even a personal laptop / workstation can not be left always logged-in.

All of the above scenarios can be considered as a very serious security threat. and I can count many more.

Deleting cookies / local storage does not seem to help - apparently they are set on multiple / separate domains and fiddling with them is not what anyone as a simple user should do - even if could.

In some instances cookies deletion will cause `404` errors like :

Not Found

The requested URL /simplesaml/module.php/core/no_cookie.php was not found on this server.

Answers like this one does not seems very helpful as we are not expected to mail / post thread every time we want to logout ... ( BTW - lots of questions about this issue. maybe a hint ?? )

I would also have expected to have a clear and precise warning to users of the fact that the login is persistent and can not be actually revoked on "logout" .

Again - if there is another method / function / link to do a real and persistent "logout" with cleaning of all residues - Then I apologize for the thread and please point me to the right direction.

But if there isn't any - Then I would definitely expect to be able to securely logout of any account at any moment I so desire.

Edit : Small addendum :

If indeed some function to clear all session exists - I would also expect to transparently EXPOSE it to users - as I wrote above - It seems we / I am not the only one(s) that search for it .... .

 

1 answer

0 votes
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 24, 2019

What have you done to the browser?  The session information is kept by a browser and cleared if you click "log out" under your profile.  This works for me in all three browsers I usually use, so I have to ask why yours is behaving differently/

krembo99 March 24, 2019

Nothing special done to the browser, I also tried it on several different browsers. Click logout and then login again - and no ID / PWD is asked.  just logged immediately. I do not think that we are the ones doing anything wrong..

krembo99 May 13, 2019

Is there any progress or answer on this issue ?

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events