Symptoms

Bamboo User is constantly logged out of Bamboo when switching Between Bamboo and another Atlassian application.

Also the following error can be seen numerous times throughout the logs.

atlassian-bamboo.log:

Authorization failed: org.acegisecurity.AccessDeniedException: Access is denied; authenticated principal: org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: XXXXXXXXX; SessionId: FD4C889BC711D2F68CC6E9E6D291BD15; Granted Authorities: ROLE_ANONYMOUS; secure object: com.atlassian.bamboo.webwork.StarterAction@38b0321f; configuration attributes: [WW_READ, GLOBAL_READ]

Diagnosis

This occurs when Bamboo and another Tomcat wrapped Atlassian application are accessible at the exact same domain with only differentiating ports.

Cause

The JSESSIONID portion of the cookie does not retain the port number:

If another application is located at the same domain (in this case localhost) and is accessed/logged into, the JSESSIONID will change and Bamboo will reject the entire cookie, requiring the user to login again.

Workaround

1. Select the "Remember Me" option when logging into the application so it saves your session and won't rely on the cookies.
2. Route your Bamboo application (host_address:8085 for example) to a different URL (host_address/bamboo for example) and do the same with the other Atlassian applications