WebSudo Login Issues With HAProxy
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
Accessing Admin-related functions require a websudo authentication. With HAProxy in front of Confluence (as a load balancer for the Data Center), this becomes a problem if HAProxy is not configured correctly
Diagnosis
Environment
- This applies only to HAProxy configurations with Confluence
Cause
Indirect flag in the cookie configuration in HAProxy, example:
backend confluence_app
option httplog
option forwardfor
option http-server-close
option httpchk
mode http
balance roundrobin
cookie JSESSIONID prefix indirect nocache
According to https://cbonte.github.io/haproxy-dconv/configuration-1.5.html :
Note: it is highly recommended not to use "indirect" with "prefix", otherwise server cookie updates would not be sent to clients
Resolution
Remove the indirect flag in the cookie configuration in HAProxy, followed by a restart