1. Home
  2. Troubleshooting
  3. The Bullhorn “Cookie Bug”

The Bullhorn “Cookie Bug”

The team at Matador Jobs found a bug in Bullhorn in March 2018 and we reported it to them. In Summer 2018, we had the opportunity to personally demonstrate the bug in-person to a team of Bullhorn Engineers. As of today, the bug remains, and it can cause Matador users some annoying issues. We are going to explain the “cookie bug” and tell you how to avoid it!

When your Bullhorn API enabled site logs into the API, it creates an OAuth connection. During this connection routine, one of two things will happen. You will either be redirected to a Bullhorn log in screen and prompted to enter the API username and password or Matador may provide this information programmatically to Bullhorn so that all you see is a quick screen refresh.

During this process, if the web browser completing the authorization and creating the OAuth connection has a Bullhorn login cookie the user from the cookie will be connected and the API Username provided in the Bullhorn Connection Assistant will not be connected. This issue occurs regardless of the username and password or the method for log-in (physical log in screen or programmatic login) used.

This can cause some very odd and annoying issues. These issues include the following:

  • The logged in user is assigned ownership for all candidates and submissions made via the website, which in some agencies can drastically impact team workflows.
  • If the logged in user has fewer entitlements/permissions than the API user, i.e.: the user lacks the ability to modify private candidates or Consent Management data, Matador will also be limited by those fewer entitlements.
  • If the logged in user has a password change, the Matador-powered website will cease to be connected to Bullhorn and require human intervention.
  • If the logged in user is associated with a different Bullhorn account, the website will connect to data from that account, wiping out and replacing all job data, disassociating all applications, and resetting notifications, among other things. For example, a web developer works with several Bullhorn clients and authorizes a site for client “A” while triggering a cookie bug with a client “B”, client “A”’s website will see all its jobs deleted and replaced with client “B”’s jobs.
  • If the logged in user’s account is cancelled or removed, like when a person no longer works at the agency, the Matador website will be completely unable to access data, but will not become disconnected, which triggers the various warning emails to admins.

We have several methods to avoid the cookie bug. We have listed them in order of most ideal to least ideal:

  1. Connect to Bullhorn via the Bullhorn Connection Assistant while using a “private” or “incognito” web browser. This way, no Bullhorn cookies are active in the web browser. We strongly recommend this method.
  2. Use a different browser profile or different browser than you use to log into Bullhorn when authorizing a website via the Bullhorn Connection Assistant.
  3. Delete all cookies before authorizing a website via the Bullhorn Connection Assistant.
  4. Log into Bullhorn and then explicitly log out. This action destroys the login cookie and makes it safe to authorize a website via the Bullhorn Connection Assistant. That said, we believe this method makes the user prone to forget a step and therefore, creates an opportunity for lost data and settings.

In addition to one of the above, do this after every authorization via the Bullhorn Connection Assistant:

  1. Click “Test Auto Reconnect”, wait for the page to reload, and then do it a second time. The auto reconnect routine can bust the “cookie bug” if it was created, and doing it twice makes extra sure it is busted!

Simply, the easiest way to break the cookie bug is to go into the Bullhorn Connection Assistant from your Matador Jobs settings page and click “Reset Connection Assistant” after copy-and-pasting your credentials to a text file. The process of resetting your connection will break the “cookie bug” and give you the opportunity to connect again using one of the four safe methods listed above.

For more information on this process, visit our guide on Connecting/Reconnecting to Bullhorn or specifically the part on Bullhorn Connection Routines.

Updated on November 12, 2021

Was this article helpful?

Related Articles