12 Replies Latest reply on Mar 18, 2013 5:50 PM by rgamache

    Jive Mobile App and session persistence - Potential security vulnerabilty?


      Hey everyone,


      I had a question of those of you who administer and/or use the Jive Mobile application.  Having installed the application in both my Jive instances, it has come to our attention that once a device is registered with our instance and the user connects via the Mobile App, the connection never times out and there is no way to tear down the session in the form of a user logout feature in the app.  I've been working with Support to find a solution and tried their "on prem" version of the Mobile app but even with that option, once the connection is established, there appears to be no way to tear down the session and the connection remains persistent.


      The obvious problem with this (if I'm not overlooking something) if a device is compromised that makes use of the Mobile app, an adversary would have access to your Jive instance by simply opening the Mobile app or in the "on prem" solution, access to your instance by going through your device's browser history. Have any of you asked the same questions and/or have you configured your instance to successfully close sessions?


      Any help would be appreciated.