Educause Security Discussion mailing list archives

Re: Interesting "caching" problem - anyone using a Gmail "channel" in Ellucian's "Luminis" portal??


From: "Flynn, Gary - flynngn" <flynngn () JMU EDU>
Date: Mon, 4 Aug 2014 15:52:46 +0000

It sounds related to Google's "Stay Signed In" feature but clearing cookies
should disable/clear that. 

 

************************************************

Have you logged into Gmail from a lab or library computer lately? If you
didn't sign out of Gmail or restart the computer when you were done, the
next person who used the computer and visited the Gmail web site was
automatically logged into your Gmail account. Even if you logged out of the
computer. You may experience similar issues with other services you
patronize. The Amazon site will remember who you are but fortunately will
make you sign in again to view any information or submit any orders.

This is all brought to you by the miracle of web cookies. They are bits of
information about you that web sites store on your computer...or on a shared
computer if that is what you happen to be using. When you visit the site
again, the web site can retrieve them to remember information about you or
even automatically log you in...even if someone else happens to be at the
keyboard at the time. Google decided to make automatic login the default
behavior.

What to do?

For Gmail, uncheck the box labeled "Stay Signed In" before logging in. If
you forget to do that, you can still protect yourself. After you are done
using the service, click your account photo or email address in the top
right corner and select "sign out". (Taken from Google's Gmail Security
Checklist <https://support.google.com/mail/checklist/2986618?rd=1> step 9 -
advice for shared computers).

************************************************************

 

Maybe some inline code like the logout link someone else posted could be
used to affect the "Stay Signed In" status.

 

 

 

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of SCHALIP, MICHAEL
Sent: Monday, August 04, 2014 9:59 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Interesting "caching" problem - anyone using a Gmail
"channel" in Ellucian's "Luminis" portal??

 

Hi Justin,

 

Unfortunately - yes, we have tried this, (in Chrome and IE), but the problem
appears to persist.  According to Google - this persistent cookie thing is
an integral part of their own security model??

 

M

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jones, Justin
Sent: Monday, August 4, 2014 7:55 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Interesting "caching" problem - anyone using a Gmail
"channel" in Ellucian's "Luminis" portal??

 

Michael-

 

I personally have not seen this, but have you tried forcing the browser to
clear all cached files when the browser is closed?  In Firefox it is located
in Options -> Privacy -> Click the check box:  Clear history when Firefox
closes.  In Chrome, I do not see anything like what is seen in Firefox; I
will play with Chrome some more and report my findings.  In IE:  Go to
Internet Options -> Browsing History section under the General Tab and click
Delete browsing history on exit.

 

Hopefully this will fix the issue you are seeing with Luminis and Gmail.

 

Thank you-

Justin Jones

 

Office of Research Administration

Indiana University

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of SCHALIP, MICHAEL
Sent: Monday, August 04, 2014 9:46 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Interesting "caching" problem - anyone using a Gmail
"channel" in Ellucian's "Luminis" portal??

 

Hi folks,

 

We have an interesting, yet troubling, problem.  We use Ellucian's "Luminis"
portal as part of our Banner system - and one of the "channels" that we have
on our Luminis portal is directly to Gmail, because we outsourced our
student email to Google about 2 years ago.  What we have discovered is:

1.      "Student A" walks up to an open kiosk system in our Admissions area
and logs in to Luminis with their own credentials

2.      "Student A" clicks on the Gmail "channel" in the Luminis portal and
checks their email

3.      "Student A" finishes reading their email and just closes the active
window, (ie, clicks on the "X" in the upper right corner of the window) and
walks away..

4.      Now - "Student B" walks up to the same open kiosk - they open a new
browser window and are prompted to log in to Luminis with their own
credentials

5.      "Student B" clicks on the Gmail channel in the Luminis portal to
check their email

6.      PROBLEM - what "Student B" finds is that they are NOT in their own
email - in fact, "Student B" has full access to "Student A's" email, because
the cookie left behind by Google with the first student has kept the session
active, even once the browser is closed.

 

..and the browser doesn't seem to matter.  It works this way in IE, Chrome -
all versions, apparently.

 

We've run this problem all the way up to Ellucian *and* Google.  Google says
everything is "working as designed" - there's no way to keep the cookie from
remaining resident and active, as long as the system isn't rebooted.  The
only thing that *appears* to work is making the student explicitly log out of
the Luminis session when they are done...but - since these systems are set up
to be self-service kiosks, there's not always someone there to remind
students to "log off before you leave", so we have students closing the
window thinking that they've "logged off", but the next student steps up,
logs in, and gets the previous student's email.

 

The problem doesn't seem to occur with any other "channels" - and we've
tried just about everything within the browser, with the Gmail settings,
popup blockers, security settings on the OS, etc.  Ellucian seems to be very
perplexed by our inquiries - seems that no one else is experiencing this
except us..??

 

Anyone else see or experience anything like this?

 

Anyone else already *solve* a problem like this?

 

Thanks for your time and consideration...

 

Michael Schalip

Dir, ITS/Customer Support Services

Central New Mexico Community College

 


-- 
This message has been scanned for viruses and 
dangerous content by  <http://www.mailscanner.info/> MailScanner, and 
no known threats were found. 



Attachment: smime.p7s
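
Added example, not part of the original messages and not Google's or Ellucian's code: the thread turns on whether a login cookie is a session cookie (dropped when the browser exits) or a persistent one (kept on disk for the next kiosk user). This sketch classifies `Set-Cookie` values by their `Max-Age` and `Expires` attributes; the cookie names and values are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed Set-Cookie values; the cookie names are hypothetical.
SAMPLE_HEADERS = [
    "PORTAL_SESSION=abc123; Path=/; Secure; HttpOnly",
    "STAY_SIGNED_IN=def456; Max-Age=1209600; Path=/; Secure; HttpOnly",
    "REMEMBER_ME=ghi789; Expires=Thu, 04 Aug 2016 15:52:46 GMT; Path=/",
    "OLD_TOKEN=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/",
]

def classify_set_cookie(header_value, now):
    """Return (name, kind); kind is 'session', 'persistent' or 'expired'."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()

    expires_at = None
    max_age = attrs.get("max-age", "")
    if re.fullmatch(r"-?\d+", max_age):
        # RFC 6265: a valid Max-Age takes precedence over Expires.
        expires_at = now + timedelta(seconds=int(max_age))
    elif "expires" in attrs:
        try:
            expires_at = parsedate_to_datetime(attrs["expires"])
            if expires_at.tzinfo is None:
                expires_at = expires_at.replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            expires_at = None  # unparseable date: treated as a session cookie

    if expires_at is None:
        return name, "session"  # no lifetime set: dropped when the browser exits
    return name, "persistent" if expires_at > now else "expired"

def survives_browser_close(headers, now):
    """Names of cookies that are written to disk and outlive the window."""
    kinds = dict(classify_set_cookie(h, now) for h in headers)
    return sorted(n for n, k in kinds.items() if k == "persistent")

if __name__ == "__main__":
    now = datetime(2014, 8, 4, 15, 52, 46, tzinfo=timezone.utc)
    for header in SAMPLE_HEADERS:
        print(classify_set_cookie(header, now))
    print("left behind for the next user:", survives_browser_close(SAMPLE_HEADERS, now))
```

A cookie classified as session is only discarded when the browser process actually exits, and session-restore settings can carry it across restarts, so closing a single window is not enough to end it.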