Logging into another Atlassian application logs me out of Confluence
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
- When logging into another Atlassian application after logging into Confluence, your Confluence session expires and you need to re-authenticate.
- When saving Confluence page, the following error is shown:
"Your session has expired. You may need to re-submit the form or reload the page." - Atlassian applications such as Jira, Confluence use the same JSESSIONID cookie. Realistically a collision will not be encountered in production, since different applications use different domain names/context path.
Diagnosis
You are running your application stack on the same URL path with the only difference between applications being the port. For instance:
http://localhost:8080 and http://localhost:8090
http://your.domain.com:8080 and http://your.domain.com:8090
Cause
Atlassian applications store your successful login as a cookie in your browser called the JSESSIONID. Your browser will store this cookie under a path for the domain, which is not port aware. In the above examples, each instance stores the session cookie in the '/' or root path. The JSESSIONID for Confluence is being overwritten by the JSESSIONID of the other Atlassian application.
We have an improvement request to better handle this in product tracked under - CONF-32589Getting issue details... STATUS .
Resolution
You may do either of the following to resolve this conflict:
Option 1:
Run each application on a separate context path. Edit the <install>/conf/server.xml and look for the Context tag and change the path variable, like so (requires a restart):
Confluence:
<Context path="/confluence" docBase="${catalina.home}/confluence" reloadable="false" useHttpOnly="true">
JIRA:
<Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
See this KB article for more details.
Option 2
- Shut down Confluence
Add the sessionCookieName attribute to the <Context> element in
<install>/conf/context.xml:
<Context sessionCookieName="CONFLUENCESESSIONID">
NOTE that you must add the "sessionCookieName="CONFLUENCESESSIONID"" inside the Context tag and NOT create a new tag for this setting, otherwise Tomcat will not start correctly.
3. Start Confluence back up
This procedure works on Tomcat 6 and above.