
Users getting logged on as others after seeing 502 bad gateway error #3385

Closed
1 of 6 tasks
cwb124 opened this issue Feb 7, 2019 · 7 comments
Labels
bug P0 Critical Issue

Comments

@cwb124

cwb124 commented Feb 7, 2019

Frontend Deployment type

  • Cloud Foundry Application (cf push)
  • Kubernetes, using a helm chart
  • Docker, using docker compose
  • Docker, single container deploying all components
  • npm run start
  • Other (please specify below)

I have Stratos deployed from the stable branch as of Feb 6. This is deployed to a very heavily used CF foundation.

We have had two users report a potential security issue where they received a 502 Bad Gateway error when trying to log into Stratos. When they hit refresh on their browser window (Chrome) they were logged into the Stratos UI but as another user who is in an org that they are not a member of. I think this is a serious security flaw. I am unable to recreate it but I have screenshots from the user that back up the claim.

@nwmac
Contributor

nwmac commented Feb 7, 2019

@cwb124 Okay - I'll need your help to get to the bottom of this - it's not something we've encountered, but we definitely need to understand what the issue is here because, as you describe it, there is clearly a security problem.

Are you able to share any further information to help diagnose?

What would really help is if you can, using the Chrome browser, open the developer tools, go to the Network tab and check 'Preserve log'. If you can then reproduce the issue in the browser and export the network log to a HAR file, we can take a look - you can do this by right-clicking on any of the network requests on the left and choosing "Save as HAR with content". If you could share that with us, that would be very helpful.

Otherwise, would it be possible for us to arrange to meet with you or one of your users and use a shared session to observe and diagnose the issue as it happens for them?

Notes on exporting the network log to a HAR file are also here: https://developers.google.com/web/tools/chrome-devtools/network-performance/reference
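One way to triage a HAR capture like the one requested above, as an added example that is not Stratos project code: it walks the entries in capture order and flags any session cookie, sent by the browser or issued by a response, that differs from the one in use when a 502 occurred. The cookie name `session`, the host `stratos.example` and the embedded sample capture are assumptions constructed for the example.

```python
"""Triage a Chrome HAR export for session-cookie changes that follow a 502 (added example)."""
import json

SESSION_COOKIE = "session"  # assumed cookie name; replace with the application's real one


def _session_value(cookies):
    """Return the session cookie value from a HAR cookie list, or None if absent."""
    for cookie in cookies:
        if cookie.get("name") == SESSION_COOKIE:
            return cookie.get("value")
    return None


def find_session_swaps(har):
    """Walk entries in capture order; flag any session cookie (sent by the client
    or issued by a response) that differs from the one in use when the most
    recent 502 occurred. Returns at most one finding dict per 502."""
    findings, before, bad_gateway = [], None, None
    for entry in har["log"]["entries"]:
        request, response = entry["request"], entry["response"]
        sent = _session_value(request.get("cookies", []))
        issued = _session_value(response.get("cookies", []))
        if response.get("status") == 502:
            bad_gateway, before = request["url"], sent  # start watching from here
        if bad_gateway is None:
            continue
        current = issued if issued is not None else sent
        if current is not None and current != before:
            findings.append({"after_502": bad_gateway, "url": request["url"],
                             "old": before, "new": current})
            bad_gateway = None  # report each 502 at most once
    return findings


def triage_file(path):
    """Load a HAR file saved from DevTools and return its findings."""
    with open(path, encoding="utf-8") as handle:
        return find_session_swaps(json.load(handle))


# Constructed sample: the login request gets a 502; the refresh that follows
# carries a different session id than the one the browser had been sending.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://stratos.example/login",
                 "cookies": [{"name": "session", "value": "aaa"}]},
     "response": {"status": 502, "cookies": []}},
    {"request": {"url": "https://stratos.example/",
                 "cookies": [{"name": "session", "value": "bbb"}]},
     "response": {"status": 200, "cookies": []}},
]}}
```

A swap the server performs without changing the cookie value will not show up here, so also compare the user identity returned in the responses immediately before and after the 502.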

@nwmac nwmac added security issue P0 Critical Issue bug labels Feb 7, 2019
@cwb124
Author

cwb124 commented Feb 7, 2019

We have communication out for users to let us know if they experience it. We've been using Stratos for the better part of a year and I've only had this issue reported to us twice, but both were reported in the last week or so. My team is unable to reproduce it, so I am not sure where we go from here. I apologize for the vagueness of this bug and the lack of logs/data, but we will do our best to get something in the event it happens again.

@richard-cox
Contributor

@cwb124 A couple of quick questions to help us attempt to reproduce ...

  1. How many instances does the Stratos cf application have?
  2. Is there an external database service linked to the Stratos application?

@KlapTrap KlapTrap closed this as completed Feb 7, 2019
@KlapTrap KlapTrap reopened this Feb 7, 2019
@cwb124
Author

cwb124 commented Feb 7, 2019

5 instances of Console in the particular environment where we saw this happen twice. We haven't seen this reported in any of our other 7 sites that use Stratos btw, but this one is the heaviest used. No external database linked.

@nwmac
Contributor

nwmac commented Feb 7, 2019

@cwb124 are you using SSO for login, or the Stratos username/password?

@cwb124
Author

cwb124 commented Feb 7, 2019

No SSO in our environments.

@nwmac
Contributor

nwmac commented Feb 14, 2019

Addressed in 2.3.0

@nwmac nwmac closed this as completed Feb 14, 2019