Back button after logout in Chrome will display user-specific information

Jurriaan van Reijsen May 12, 2013

Hi,

We noticed that if a user is accessing Confluence in Chrome, when he/she logs out and then hits the back button, information specific to that user is still displayed. Technically, the session appears to be destroyed, since clicking on anything of that user-specific information will redirect to the login screen. However, since user-specific information is still displayed, we experience this as a security issue. Our clients are working in situations where multiple users are accessing the same physical machine (PC) and make use of Confluence in consequent turns. If user 2 hits the back button after user 1 (thought he) logged out, user 2 will be able to see information that was meant for user 1.

This is only happening in Chrome (26) and not in IE or Firefox (any version). The version of Confluence that we're using is 4.3.7, but it happens in earlier versions as well. Reproducing the issue is easy: log in to Confluence in Chrome, log out and hit the back button.

Can anyone suggest a way to prevent this 'back button' view on the previous session in Confluence?

Thanks in advance!

4 answers

0 votes
Jurriaan van Reijsen May 17, 2013

Anyone? Any help would be greatly appreciated!

0 votes
Jurriaan van Reijsen May 12, 2013

Hi Mick,

Nice to hear from you! So, you're confirming our finding. Our issue is that Chrome should not allow user 2 to review the page you had opened when you logged out as user 1, but instead redirect you to the login page, as IE and Firefox do. Looking forward to a possible solution!

0 votes
Mick Davidson
Rising Star
May 12, 2013

Hi Jurriaan,

I have moved to England. I now work for Jagex, with the documentation in Confluence. Tomorrow I'm going to London for my first UG meeting. :)

I hope all is well with you.

0 votes
Mick Davidson
May 12, 2013

I've just tested this and what I see is the page I had open when I logged out. If I try to navigate to any page from that one, I'm shown the login screen.

We're using 4.3.7.
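The question in this thread asks how to stop a logged-out user's page from reappearing on the back button. As an added example (not code from the thread or from Atlassian), the check below flags responses for logged-in pages that lack `Cache-Control: no-store`, assuming the page shown after logout is a copy the browser kept locally. The paths and header values are constructed samples.

```python
# Added example: flag response headers that let a browser keep a copy of a
# logged-in page. Paths and header values below are constructed samples.

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit_headers(headers):
    """Return findings for one response; an empty list means storage is forbidden."""
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lowered.get("cache-control", ""))
    findings = []
    if "no-store" not in cc:
        findings.append("no-store missing: the browser may keep a copy of the page")
        max_age = cc.get("max-age")
        if max_age and max_age.isdigit() and int(max_age) > 0:
            findings.append(f"max-age={max_age}: the copy counts as fresh, no revalidation")
    if "public" in cc:
        findings.append("public: shared caches may store a user-specific page")
    return findings


def audit_all(responses):
    """Map each path to its findings, keeping only paths that have any."""
    return {path: f for path, f in ((p, audit_headers(h)) for p, h in responses.items()) if f}


# Constructed responses for three hypothetical authenticated pages.
SAMPLE_RESPONSES = {
    "/app/page-a": {"Cache-Control": "private, max-age=600"},
    "/app/page-b": {"Cache-Control": "no-cache, no-store, must-revalidate", "Pragma": "no-cache"},
    "/app/page-c": {},
}

if __name__ == "__main__":
    for path, findings in audit_all(SAMPLE_RESPONSES).items():
        for finding in findings:
            print(f"{path}: {finding}")
```
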
