User is constantly logged out of JIRA

Still need help?

The Atlassian Community is here for you.

Ask the community

This Knowledge Base article was written specifically for the Atlassian Server platform. Due to the Restricted functions in Atlassian Cloud apps, the contents of this article cannot be applied to Atlassian Cloud applications.

Problem

  1. JIRA users are consistently logged out on each page or whilst using other applications (e.g.: Confluence).
  2. After logging into one application (e.g.: Confluence) then into another (e.g.: JIRA), users are automatically logged out of the other application (or vice-versa).

This is a client-side issue and as such the log files will typically not contain anything in them that will assist in identifying this problem.

Cause

This problem is most often caused by the cookie being overwritten when accessing JIRA, Confluence or potentially any other applications with a web-login on the same domain or IP, such as with the below configuration:

  • JIRA: http://atlasserver:8080/
  • Confluence: http://atlasserver:8090/

As the cookies are not distinguished by the port number, the browser will overwrite the previous cookie and it will appear as if the user has been logged out of the previous application. Given that this is browser-specific, it will not be visible within the application logs.

We have an improvement request to better handle this in product tracked under  JRA-36960 - Getting issue details... STATUS .

Workaround

Use separate browsers when accessing each application (IE, Firefox, Chrome, etc) or use private browsing mode in one tab to access JIRA and normal browsing to access Confluence. This is not a recommended fix, however can be used for testing environments.

Resolution

Configuration of DNS and reverse-proxies are supported by JIRA, however are out of scope of our Atlassian Support Offerings. Consequently, Atlassian can not guarantee providing any support for it. Please be aware that this material is provided for your information only and using it is done so at your own risk.

As JIRA and Confluence can be resource intensive and as part of standard best-practices, Atlassian recommends running Confluence and JIRA on separate physical machines, behind a reverse-proxy such as Apache Web Server or IIS.

If there is a requirement to use the same machine, any of the below can be utilised to resolve this problem:

  • Have separate DNS entries for the same IP, allowing the browser to distinguish between the two, for example:
    • JIRA: http://jira:8080
    • Confluence: http://confluence:8090

  • Modify the Context path in server.xml for both JIRA and Confluence, as per our How to change the JIRA context path KB. For example, a recommended setup would be:
    • JIRA:  http://atlasserver:8080/jira
      Confluence: http://atlasserver:8090/confluence
      (warning) If you are using Crowd authentication between the products, you have to reconnect all the products (Confluence and Fisheye) to the updated JIRA URL for Crowd authentication.
  • Host both applications behind a reverse-proxy, as in Integrating JIRA with Apache & Running Confluence behind Apache.
  • Set up Single-Sign-On with Atlassian Crowd, as in our Overview of SSO docs.
  • Using Tomcat 6, the session cookie name can be changed to something unique (the two applications must have different session cookie name) as per Setting Properties and Options on Startup using the below argument:

     -Dorg.apache.catalina.SESSION_COOKIE_NAME=JIRASESSIONID
  • Using Tomcat 7 & 8, the session cookie name can be changed to something unique (the two applications must have different session cookie name) by modifying the $JIRA_INSTALL/conf/context.xml as below:

    Before:

    <!-- The contents of this file will be loaded for each web application -->
    <Context>
        <!-- Default set of monitored resources -->
        <WatchedResource>WEB-INF/web.xml</WatchedResource>

    After:

    <!-- The contents of this file will be loaded for each web application -->
    <Context sessionCookieName ="JIRASESSIONID">
        <!-- Default set of monitored resources -->
        <WatchedResource>WEB-INF/web.xml</WatchedResource>
  • After making the above changes, please be sure to recreate any Application Links as the configuration of these can also cause the user to be logged out in the same scenario as in the cause section.
Last modified on Jul 31, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.