User hijacking problem that occurs along with number format exception

Still need help?

The Atlassian Community is here for you.

Ask the community


This will generally occur if you are using some form of custom authentication.

What happens:
1. User 'A' logged into their crucible account.
2. User 'B' logged into their crucible account on another PC.
3. when user 'A' refresh their browser (or send new HTTP request), their account changes to user 'B' or other account.

The following error always occurs in the log when this happens:

2009-03-31 10:57:43,867 ERROR [btpool0-71] org.mortbay.log sun.reflect.GeneratedMethodAccessor991-invoke - EXCEPTION
java.lang.NumberFormatException: uC
at org.mortbay.util.TypeUtil.parseInt(
at org.mortbay.util.URIUtil.decodePath(
at org.mortbay.jetty.Request.getCookies(
at org.mortbay.jetty.servlet.SessionHandler.setRequestedId(
at org.mortbay.jetty.servlet.SessionHandler.handle(
at org.mortbay.jetty.handler.ContextHandler.handle(
at org.mortbay.jetty.webapp.WebAppContext.handle(
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(
at org.mortbay.jetty.handler.HandlerCollection.handle(
at org.mortbay.jetty.handler.HandlerWrapper.handle(
at org.mortbay.jetty.Server.handle(
at org.mortbay.jetty.HttpConnection.handleRequest(
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(
at org.mortbay.jetty.HttpParser.parseNext(
at org.mortbay.jetty.HttpParser.parseAvailable(
at org.mortbay.jetty.HttpConnection.handle(
at org.mortbay.thread.BoundedThreadPool$


The NumberFormatException is an error with Jetty's cookie processing and is a symptom of this issue. FE-1369 has been raised on the Atlassian bug tracking system to upgrade the version of jetty bundled with Fisheye.


Upgrade to a later Fisheye version to take advantage of the fixes of FE-1369.

Last modified on Jul 31, 2018

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.