Enabling 'invalidate.session.on.login' Causes Many Sessions to be Created for Same User

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

Multiple sessions for the same user exist. This is visible from Administration >> User Sessions:

Session Id

User

Type

IP Address

Requests

Last Accessed

Session Creation

1o2bcb4

John

HTTP

127.0.0.1

42

04:54:18 2011/05/03 EEST (+0300) (48m ago)

04:54:07 2011/05/03 EEST (+0300) (48m ago)

1o2bcb4

John

HTTP

127.0.0.1

1

04:54:07 2011/05/03 EEST (+0300) (48m ago)

04:54:07 2011/05/03 EEST (+0300) (48m ago)

1o2bcb4

John

HTTP

127.0.0.1

1

04:54:07 2011/05/03 EEST (+0300) (48m ago)

04:54:07 2011/05/03 EEST (+0300) (48m ago)

1o2bcb4

John

HTTP

127.0.0.1

1

04:54:07 2011/05/03 EEST (+0300) (48m ago)

04:54:07 2011/05/03 EEST (+0300) (48m ago)

1o2bcb4

John

HTTP

127.0.0.1

1

04:54:07 2011/05/03 EEST (+0300) (48m ago)

04:54:07 2011/05/03 EEST (+0300) (48m ago)

1o2bcb4

John

HTTP

127.0.0.1

1

04:54:07 2011/05/03 EEST (+0300) (48m ago)

04:54:07 2011/05/03 EEST (+0300) (48m ago)

Cause

This is caused by the new security option introduced since JIRA 4.2 (JIRA 4.2 Upgrade Guide).

Resolution

 

Stop JIRA

Disable the invalidate.session.on.login as below in seraph-config.xml:

<init-param>
    <param-name>invalidate.session.on.login</param-name>
    <param-value>false</param-value>
</init-param>

Start JIRA back up

Notes

See  JRA-16008 - Getting issue details... STATUS  

Last modified on Aug 2, 2016

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.