SEGUC17 / git-rekt-se

SE Course 2017 Self Development Directory
MIT License

Chat history with admin is saved in the browser #233

Closed IElgohary closed 6 years ago

IElgohary commented 7 years ago

1. Severity: medium
2. Reported by: Islam Elgohary
3. Description: Chat history of the chat with the admin is saved in the browser cookies and not erased after a logged-in user logs out. Any user (logged in or not) who uses the browser later on can read the chat between the previous client or previous Business and the admin and know details about their issues.
4. Steps to reproduce the issue:
   1) Log in as a business
   2) Chat with admin
   3) Log out
   4) Chat history is not erased
5. Expected result: chat history of the logged-in user should be erased after they log out

melzareix commented 7 years ago

You are not expected to provide sensitive details in a live chat with support. Also, this is out of our hands and depends on the cloud service crisp.im that provides the service.
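
A mitigation sketch for the behaviour reported in this issue, added here as an example and not code from git-rekt-se or from Crisp: on logout, expire the chat widget's cookies and ask the widget to reset its session. The cookie-name prefix `crisp-client` and all function names are assumptions; `session:reset` is the reset action of the Crisp `$crisp` SDK.

```javascript
// Added example. Function names and the cookie prefix are assumptions.

// Cookie names are often percent-encoded; decode before comparing.
function decodeName(name) {
  try { return decodeURIComponent(name); } catch (e) { return name; }
}

// Names of cookies in a document.cookie-style string that belong to the widget.
function chatCookieNames(cookieHeader, prefix) {
  return cookieHeader
    .split(";")
    .map((pair) => pair.trim().split("=")[0])
    .filter((name) => name && decodeName(name).startsWith(prefix));
}

// A cookie is only removed when Domain and Path match how it was set, and a
// widget may scope its cookie to a parent domain, so try each candidate.
function parentDomains(hostname) {
  const labels = hostname.split(".");
  const out = [];
  for (let i = 0; i < labels.length - 1; i++) out.push(labels.slice(i).join("."));
  return out;
}

// Build the expiring cookie writes for every widget cookie that is present.
function expiryStrings(cookieHeader, hostname, prefix) {
  const past = "Thu, 01 Jan 1970 00:00:00 GMT";
  const out = [];
  for (const name of chatCookieNames(cookieHeader, prefix)) {
    out.push(`${name}=; expires=${past}; path=/`); // host-only cookie
    for (const d of parentDomains(hostname)) {
      out.push(`${name}=; expires=${past}; path=/; domain=${d}`);
    }
  }
  return out;
}

// Call from the logout handler with the real document and window.
function clearChatOnLogout(doc, win, prefix = "crisp-client") {
  const writes = expiryStrings(doc.cookie, win.location.hostname, prefix);
  for (const w of writes) doc.cookie = w;
  if (win.$crisp) win.$crisp.push(["do", "session:reset"]);
  return writes.length;
}
```

Cookies flagged `HttpOnly` are not visible to this code and would have to be expired by the server in the logout response.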