Hi,
We noticed that if a user is accessing Confluence in Chrome, when he/she logs out and then hits the back button, information specific to that user is still displayed. Technically, the session appears to be destroyed, since clicking on anything of that user-specific information will redirect to the login screen. However, since user-specific information is still displayed, we experience this as a security issue. Our clients are working in situations where multiple users are accessing the same physical machine (PC) and make use of Confluence in consequent turns. If user 2 hits the back button after user 1 (thought he) logged out, user 2 will be able to see information that was meant for user 1.
This is only happening in Chrome (26) and not in IE or Firefox (any version). The version of Confluence that we're using is 4.3.7, but it happens in earlier versions as well. Reproducing the issue is easy: log in to Confluence in Chrome, log out and hit the back button.
Can anyone suggest a way to prevent this 'back button' view on the previous session in Confluence?
Thanks in advance!
Hi Mick,
Nice to hear from you! So, you're confirming our finding. Our issue is that Chrome should not allow user 2 to review the page you had opened when you logged out as user 1, but instead redirect you to the login page, as IE and Firefox do. Looking forward to a possible solution!
Hi Jurrian,
I have moved to England. Now I work for Jagex, with the documentation in Confluence. Tomorrow I am going to London for my first UG meeting. :)
I hope all is well with you.
I've just tested this and what I see is the page I had open when I logged out. If I try to navigate to any page from that one, I'm shown the login screen.
We're using 4.3.7.