Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Frequent logouts and Session swap / hijack in JIRA

Vishal Gautam
Vishal Gautam
Contributor
July 2, 2013

This problem has been resolved, adding it here if others encounter it ...

Poblem: Frequent logouts and sessions getting swapped (or hijacked) for some logged in users. When session swap / hijack happens you would see someone else's name as logged in user on top right and if you do not notice and create an issue or comment, it will go as the other user. Conversely, you may find an issue or comment created by your name but you didn't do it.

Environment: JIRA 6.0.x with Apache 2.2.15 as reverse proxy on CentOS 6.2

Answer
Watch
Like Be the first to like this
786 views

1 answer

1 accepted

4 votes
Answer accepted
Vishal Gautam
Vishal Gautam
Contributor
July 2, 2013
CAUSE
We use Apache as reverse proxy (mod_proxy) for JIRA server as it handles ssl and talks to JIRA at port 8080 via ProxyPass. We were also using mod_cache's disk based caching for all urls. Use of mod_cache is known to create problem of session mix ups when Apache is used as reverse proxy with JIRA (see links below). Since Apache had been running possibly as long as the uptime of JIRA server which is 101 days, its cache got into a bad state as seen by errors in ssl_error_log file mentioned below, creating a situation where it started to either drop or mix up JSESSIONID cookie sent by JIRA to client. This results in logout of client or worse session mixups.

Error in ssl_error_log
[Thu Jun 06 23:02:05 2013] [error] (103)Software caused connection abort: cache: error returned while trying to return disk cached data
Links pointing to this problem
RESOLUTION

Restart of Apache itself fixed the issue, but for future following lines have been commented in /etc/httpd/conf/httpd.conf, which is also recommended configuration.

#<IfModule mod_disk_cache.c>
# CacheEnable disk /
# CacheRoot "/var/cache/mod_proxy"
#</IfModule>

View More Comments
Moriah Chandler
Moriah Chandler
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 24, 2013

Won't this affect performance on the UI? We are having this issue (3 hi-jacks in the past 2 weeks) and the security risk it presents is a big deal at my company. But as the admin, I am very concerned about doing anything that may slow the app down. We are already having rendering issues frequently (probably because we are all on the latest dev Chrome).

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.