Hello,
This issue is Privacy popup is not appearing immediately after login on Bitbucket dashboard. It only appears when navigating to manage apps/audit logging pages.
Expected Behavior:
-
Privacy popup should appear right after login.
-
User must accept/decline before accessing any content.
-
Accept → allow access.
-
Decline → log out and return to login screen (no auto-login).
Current Behavior:
-
User is redirected to dashboard without popup.
-
Popup only appears on admin pages (e.g., Manage Apps).
-
On decline:
-
Session invalidates
-
Redirects to
/login -
SSO auto-authenticates and redirects back to dashboard
-
Technical Details:
-
Custom
PrivacyFilterintercepts all requests (/*). -
Uses session attribute (
SESSION_ACCEPTED_KEY) to control access. -
Stores original URL before redirecting to
/plugins/servlet/privacyservlet. -
Accept flow works as expected.
-
Decline flow fails due to SSO auto-login behavior.
How can we enforce the privacy popup immediately after login (including dashboard) and prevent automatic SSO re-authentication after decline?