The “Auto login by Cookie” management

You may be redirected to this help article directly from your site as of Matador Jobs 3.8.0. This help document explains the “Auto login by Cookie” which, as of Matador Jobs 3.8.0, is detected when the logged in User ID and the Bullhorn API User ID are mismatched.

The “Auto login by Cookie” is caused when your Matador Jobs powered website logs into Bullhorn and Bullhorn authorizes your site using the credentials stored on your Bullhorn cookie instead of using the credentials provided by Matador that you entered into the Bullhorn Connection Assistant.

The “Auto login by Cookie” has a number of negative impacts that can affect a Matador Job’s powered site and can potentially be a very serious issue for our users.

As of Matador Jobs 3.8.0, we were able to add code to help a site automatically detect when an instance of The “Auto login by Cookie” is present, and you may see any of the following warnings on your site:

Your site is connected to Bullhorn with a User ID that does not match the Bullhorn API User ID in your settings. This will cause Matador to behave in unexpected ways; we at Matador call this “Auto login by Cookie” management

What is the “Auto login by Cookie” management

When your Bullhorn API enabled site logs into the API, it creates an OAuth connection. During this connection routine, one of two things will happen. You will either be redirected to a Bullhorn log in screen and prompted to enter the API username and password or Matador may provide this information programmatically to Bullhorn so that all you see is a quick screen refresh.

A cookie is a small file saved to your local computer by your web browser at the request of a website. A cookie can contain information about you that helps the site deliver a customized experience, maintain your status across page loads, and help websites track you for advertising or analytics purposes.

A common use of a cookie is to save information about your active logins to a website so that you can navigate logged in areas without needing to enter a password each time, and Bullhorn saves a cookie to your browser every time you log into the Bullhorn ATS system.

When Matador Jobs logs into Bullhorn, if the web browser you’re using has a Bullhorn login cookie, the user information from the cookie may be used to connect your site to the Bullhorn API and not the designated API Username and password provided in the Bullhorn Connection Assistant.

This is a bug within the Bullhorn system, and one that we at Matador Jobs must work around or guide you to work around.

Note: We first observed the Bullhorn “Auto login by Cookie” in spring of 2018 and have reported it to Bullhorn on several occasions, including in-person to Bullhorn developers. At this time, we are unaware of progress being made on fixing the issue.

What Are Impacts of the “Auto login by Cookie”?

The “Auto login by Cookie” can cause some very odd and annoying issues. These issues include the following:

• The logged in user is assigned ownership for all candidates and submissions made via the website, which in some agencies can drastically impact team workflows, ie: “Joe Recruiter” gets assigned ownership of all website applications, when it should be “Recruiter Company Website.”
• If the logged in user has fewer entitlements/permissions than the API user, i.e.: the user lacks the ability to modify private candidates or Consent Management data, Matador will also be limited by those fewer entitlements.
• If the logged in user has a password change, the Matador-powered website will cease to be connected to Bullhorn and require human intervention to reconnect.
• If the logged in user is associated with a different Bullhorn account, the website will connect to data from that account, wiping out and replacing all job data, disassociating all applications, and resetting notifications, among other things. For example, a web developer works with several Bullhorn clients and authorizes a site for client “A” while triggering a cookie bug with a client “B” account. Client “A”’s website will see all its jobs deleted and replaced with client “B”’s jobs and pending applications to Client “A” will be processed into Client “B’s” candidate records.
• If the logged in user’s account is cancelled or removed, like when a person no longer works at the agency, the Matador website will be completely unable to access data, but will not become disconnected, which triggers the various warning emails to admins.
• If the site becomes disconnected from Bullhorn, in some cases, the automatic reconnection routine will not work, resulting in a potentially long-term outage.

How to Avoid the “Auto login by Cookie”

We have several methods to avoid the “Auto login by Cookie”. We have listed them in order of most ideal to least ideal:

1. Connect to Bullhorn via the Bullhorn Connection Assistant while using a “private” or “incognito” web browser. This way, no Bullhorn cookies are active in the web browser. We strongly recommend this method. If you don’t know how to use Private or Incognito browsing on your device, we recommend a web search: “How to use private browsing on [your web browser, ie Chrome] on [your operating system, ie Window]”
2. Use a different browser profile or different browser than you use to log into Bullhorn when authorizing a website via the Bullhorn Connection Assistant.
3. Delete all cookies before authorizing a website via the Bullhorn Connection Assistant.
4. Log into Bullhorn and then explicitly log out. This action destroys the login cookie and makes it safe to authorize a website via the Bullhorn Connection Assistant. That said, we believe this method makes the user prone to forget a step and therefore, creates an opportunity for lost data and settings.

In addition to one of the above, do this after every authorization via the Bullhorn Connection Assistant:

1. Click “Test Auto Reconnect”, wait for the page to reload, and then do it a second time. The auto reconnect routine can bust the “cookie bug” if it was created, and doing it twice makes extra sure it is busted!

What to Do If I Know I Have the “Auto login by Cookie” problem

Simply, the easiest way to break the “Auto login by Cookie” problem is, after doing one of the above “Avoid” steps listed above, to go into the Bullhorn Connection Assistant from your Matador Jobs settings page and click “Deauthorize” and then “Authorize.” Then follow up with “Test Auto Reconnect.”

For more detailed information on this process, including a more advanced and thorough set of instructions, visit our guide on Connecting/Reconnecting to Bullhorn or specifically the part on Bullhorn Connection Routines.