Bitbucket session lives on after closing tab without logout (BB-16187)

Issue #9270 resolved
Tom Zöhner created an issue

When a user closes the bitbucket tab without logging out first, he will stay logged in for days, meaning that everyone with access to this computer can just open bitbucket and is logged in as the previous user. This to me is a serious security flaw.

An option be added to the login form that allows you to disable the "stay logged in" feature.

Official response

  • Alastair Wilkes staff

    Hi y'all,

    I'm afraid this is no longer accurate as a result of the move to Atlassian account for SSO across our products. At this time, Atlassian account does not have the same "sign out of all other sessions" functionality, so the button is no longer there. That said, it is something we'd like to add.

    Alastair

Comments (21)

  1. Nicolas Venegas

    Hi

    This is intended behaviour.

    I would suggest that starting a private browsing session, e.g., in Chrome or Firefox, would let you do what you're after.

    Also, you can sign out any sessions associated with your account by clicking on your user menu in the top right then selecting Manage account then Sessions then Sign out of all other sessions.

    Cheers

    Nicolas

  2. Alastair Wilkes staff

    Hi y'all,

    I'm afraid this is no longer accurate as a result of the move to Atlassian account for SSO across our products. At this time, Atlassian account does not have the same "sign out of all other sessions" functionality, so the button is no longer there. That said, it is something we'd like to add.

    Alastair

  3. Alastair Wilkes staff

    @Billy_Bonka - yes, changing your password will log you out of all sessions. I'm just talking about the useful button.

  4. Wouter Hünd

    Since recently I keep getting logged out pretty much every day. I much preferred the old behavior since it also does not remember my second factor like Google does.

  5. Denis Howe

    Why has this been marked as "resolved"? Does that mean it is now possible to arrange to be logged out when you close the tab, as the OP requested? I also need that behaviour.

  6. Andriy Andriy

    I have multiple separate accounts (work and personal) an would like to be able to switch between them. Also I would like to log out from publicly accessible computers. No simple logout functionality seems like a major architectural issue - not just for me but for 100+ other users voted for this issue and for similar issues marked as duplicate since last year. Dear Atlassian, can you please pay more attention to what your users actually wants? If you want to keep us as you users, of course. Thank you.

  7. Log in to comment