Re: Interesting "caching" problem - anyone using a Gmail "channel" in Ellucian's "Luminis" portal??

["SCHALIP, MICHAEL" <mschalip () CNM EDU>]

Yep - tried that, too.....but it still hangs on, and Google insists that everything is "working as designed".....

Michael

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jesse 
Safran
Sent: Monday, August 4, 2014 7:49 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Interesting "caching" problem - anyone using a Gmail "channel" in Ellucian's "Luminis" portal??

Set your browser defaults to delete history/cache/cookies on exit?

On Mon, Aug 4, 2014 at 9:45 AM, SCHALIP, MICHAEL <mschalip () cnm edu<mailto:mschalip () cnm edu>> wrote:
Hi folks,

We have an interesting, yet troubling, problem.  We use Ellucian's "Luminis" portal as part of our Banner system - and 
one of the "channels" that we have on our Luminis portal is directly to Gmail, because we outsourced our student email 
to Google about 2 years ago.  What we have discovered is:
1.      "Student A" walks up to an open kiosk system in our Admissions area and logs in to Luminis with their own 
credentials
2.      "Student A" clicks on the Gmail "channel" in the Luminis portal and checks their email
3.      "Student A" finishes reading their email and just closes the active window, (ie, clicks on the "X" in the upper 
right corner of the window) and walks away....
4.      Now - "Student B" walks up to the same open kiosk - they open a new browser window and is prompted to login to 
Luminis with their own credentials
5.      "Student B" clicks on the Gmail channel in the Luminis portal to check their email
6.      PROBLEM - what "Student B" finds is that they are NOT in their own email - in fact, "Student B" has full access 
to "Student A's" email, because the cookie left behind by Google with the first student has kept the session active, 
even once the browser is closed.

....and the browser doesn't seem to matter.  It works this way in IE, Chrome - all versions, apparently.

We've run this problem all the way up to Ellucian *and* Google.  Google says everything is "working as designed" - 
there's no way to keep the cookie from remaining resident and active, as long as the system isn't rebooted.  The only 
thing that *appears* to work is making the student explicitly logout of the Luminis session when they are done.....but 
- since these systems are setup to be self-service kiosks, there's not always someone there to remind students to "log 
off before you leave", so we have students closing the window thinking that they've "logged off", but the next student 
steps up, logs in, and gets the previous student's email.

The problem doesn't seem to occur with any other "channels" - and we've tried just about everything within the browser, 
with the Gmail settings, popup blockers, security settings on the OS, etc.  Ellucian seems to be very perplexed by our 
inquiries - seems that no one else is experiencing this except us....??

Anyone else see or experience anything like this?

Anyone else already *solve* a problem like this?

Thanks for your time and consideration.....

Michael Schalip
Dir, ITS/Customer Support Services
Central New Mexico Community College


--
This message has been scanned for viruses and
dangerous content by MailScanner<http://www.mailscanner.info/>, and
no known threats were found.



--
Jesse Safran

--
This message has been scanned for viruses and
dangerous content by MailScanner<http://www.mailscanner.info/>, and
no known threats were found.