Open Session becomes available on all previous browsers

Erika Lazo September 30, 2012

When I log-in on JIRA on the browser on my computer, the session is open/available on the browser on another computer I opened a session before. Even though I closed the session on the other browser. In other words, when I open the session on my computer, it gets available again on the other computer.

We see this as a big security issue.

3 answers

1 accepted

0 votes
Answer accepted
Erika Lazo October 9, 2012

I found the answer after testing different options.

There are two steps in the log out process.

1. Log out link.

2. Confirm Log-out (see screenshot). If we do not confirm it, the session is still alive. If we press the Log out button, it closes the session of the accounts on Jira (this means we have to log-in again from the other computers too). In conclusion, there is only one open session on JIRA (Log-out affects all the computer browsers that have a session open).

0 votes
Erika Lazo October 1, 2012

I do not think that was quite my question.

Let me rephrase my question:

Steps:

1. I log-on on JIRA From the browser on my workstation.

2. I log-on on JIRA from the browser on the computer in the conference room.

3. I log-out on JIRA from the browser on the computer in the conference room.

4. I go back to my workstation and session is closed.

5. I re-login on JIRA from the browser on my workstation.

6. Someone else on the computer in the conference room opens up the browser and my JIRA Account is open.

7. How do I prevent having my account open on the conference room after I logged-out?

8. Is this a normal workflow on JIRA?

Norman Abramovitz
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
October 1, 2012

Try clearing the cookie cache on the conference room browser after logging out. If you have remember the last login set, then going to a Jira page will open things up again.

I am a bit confused about step 6 since in step 3 you should have logged out and closed down the browser. Opening up the browser in step 6 should bring you to the default browser page unless that is Jira.

Norman Abramovitz
Rising Star
October 1, 2012

I could see this type of behavior could be normal with cookies enabled or/and with single sign on (SSO). I am not saying that it is correct or incorrect behavior, just I can see it happening.

Erika Lazo October 9, 2012

Ok. Thanks. I'll try to do it.

0 votes
Nic Brough -Adaptavist-
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 1, 2012

Hmm. I'm not sure that's correct behaviour. I'd expect Jira to be thinking "user has logged in" and know that you're active, but I agree with you that it probably shouldn't be remembering you on different computers like that.

But I'm also not sure it's a real security issue. If you are using computer A, then move to B, then you should have locked or shut down A. If you are leaving sessions running on a computer other people can get access to, then your physical security is already compromised...

Nic Brough -Adaptavist-
Community Leader
October 1, 2012

I'm really not sure that it is - no-one should have access to a locked computer, and that's actually how SSO works - you're logged in, so you should be able to use the system. Doesn't matter where it's from.

The issue I see is "the session was open automatically" - what's automatically opening? It's logged in, yes, but what's "open"?

Erika Lazo October 1, 2012

I did not leave a session open on computer B (I logged-out), but when I open my session again on my computer A, automatically on computer B the session is open. It really surprised me when I saw this behavior. I spent some time testing and I was able to reproduce the issue.

Steps.

1. Log-in computer A

2. Log-in computer B

3. Log-out computer B

4. Go to computer A (this is another issue, but do not pay attention to it. We can survive with it. It logged me out on A too). Log-in again.

5. Go to computer B. The session was open automatically.

6. The end.

This is a security issue.
