Advisory 2021-12/1 Delayed session expiration

Session cookies not immediately invalidated after logout

Security Advisory DateDecember 7, 2021
Vulnerability TypeAuthentication failure


Versions affectedFileCloud Versions 21.2 and earlier
Version fixedFileCloud Version


When a user logs out of a FileCloud browser session, the server session continues to be valid. An actor who has access to the local browser could possibly steal the session cookies to access the system.


This has been fixed in FileCloud version

What you should do

  • If you are using FileCloud on-premises, it is recommended that you apply the patch. This will resolve the issue.
  • If you are using FileCloud online, the patch has already been applied to your installation of FileCloud.

If you have any questions about this advisory, please contact FileCloud support