We noticed that if a user is accessing Confluence in Chrome, when he/she logs out and then hits the back button, information specific to that user is still displayed. Technically, the session appears to be destroyed, since clicking on anything of that user-specific information will redirect to the login screen. However, since user-specific information is still displayed, we experience this as a security issue. Our clients are working in situations where multiple users are accessing the same physical machine (PC) and make use of Confluence in consecutive turns. If user 2 hits the back button after user 1 (thought he) logged out, user 2 will be able to see information that was meant for user 1.
This is only happening in Chrome (26) and not in IE or Firefox (any version). The version of Confluence that we're using is 4.3.7, but it happens in earlier versions as well. Reproducing the issue is easy: log in to Confluence in Chrome, log out and hit the back button.
Can anyone suggest a way to prevent this 'back button' view of the previous session in Confluence?
Thanks in advance!
Nice to hear from you! So, you're confirming our finding. Our issue is that Chrome should not allow user 2 to review the page you had opened when you logged out as user 1, but instead redirect you to the login page, as IE and Firefox do. Looking forward to a possible solution!