When I log-in on JIRA on the browser on my computer, the session is open/available on the browser on another computer I opened a session before. Even dough I closed the session on the other browser. In other words, when I open the session on my computer, it gest available again on the other computer.
We see this as a big security issue.
I found the answer after testing different options.
There are two steps in the log out process.
1. Log out link.
2. Confirm Log-out. (see screenshot) if we do not confirm it. the session still is alive. If we press the Log out button, it closes the session of the accounts on Jira (this means we have to log-in again from the other computers too). In conclusion it is only one open session on JIRA (Log-out affects all the computer browswers that have a session open)
Hmm. I'm not sure that's correct behaviour. I'd expect Jira to be thinking "user has logged in" and know that you're active, but I agree with you that it probably shouldn't be remembering you on different computers like that.
But I'm also not sure it's a real security issue. If you are using computer A, then move to B, then you should have locked or shut down A. If you are leaving sessions running on a computer other people can get access to, then your physical security is already compromised...
I'm really not sure that it is - no-one should have access to a locked computer, and that's actually how SSO works - you're logged in, so you should be able to use the system. Doesn't matter where it's from.
The issue I see is "the session was open autmatically" - what's automatically opening? It's logged in, yes, but what's "open"?
I did not leave a session open on computer B (I logged-out), but when I open my session again on my computer A, automatically on computer B the session is open. It really surprised me when I saw this behavior. I spent some time testing and I was able to reproduce the issue.
1. Log-in computer A
2. Log-in computer B
3. Log-out computer B
4. go to computer A..(this is another issue but do not pay attention to it. We can suvive with it.. It logged me out on A too). Log-in again.
5. Go to computer B. The session was open automatically)
6. the end.
This is a security issue,
I do not think that was quite my question.
Let me rephrase my question:
1. I log-on on JIRA From the browser on my workstation.
2. I log-on on JIRA from the browser on the computer in the conference room.
3. I log-out on JIRA from the browswer on the computer in the conference room.
4. I go back to my workstation and session is closed.
5. I re-login on JIRA from the browser on my workstation.
6. Someone else on the computer in the conference room opens up the browser and my JIRA Account is open.
7. How do I prevent having my account open on the conference room after I logged-out.
8. Is this a normal workflow on JIRA?
Try clearing the cookie cache on the conference room browser after logging out. If you have remember the last login set, then going to a Jira page will open things up again.
I am bit confused about step 6 since in step 3 you should have logged out and closed down the browser. Opening up the browser in step 6 should bring you to the default browser page unless that is Jira.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot