xsrf token expire and admin session

Jens Nachtigal February 19, 2020

Good afternoon,

we have moved Jira from Linux to Windows & HTTPS.
The software works very well so far. The only problem is that the XSRF token expires on every change, new task or project etc.
Logging in/out does not only help to reset the browser or delete cookies.
We also have the problem that you always have to log into the admin backend anew, because the session is lost here.

1 answer

0 votes
Thomas Deiler
Community Champion
February 19, 2020

Dear @Jens Nachtigal ,

this sounds like a web server issue. Are you using Apache, IE or Tomcat? How was the former configuration?

So long

Thomas

PS: Why did you move from Linux to Win?

Jens Nachtigal February 19, 2020

We use default Tomcat on Windows Server.

I changed the server.xml for HTTPS:

 

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
connectionTimeout="20000" bindOnInit="false"
maxHttpHeaderSize="8192" SSLEnabled="true"
maxThreads="150" minSpareThreads="25"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
sslEnabledProtocols="TLSv1.2,TLSv1.3"
clientAuth="false" useBodyEncodingForURI="true"
keystorePass="password" keystoreFile="file:///C:/keyfile.jks"
keyAlias="tomcat" keystoreType="JKS"/>

Thomas Deiler
Community Champion
February 19, 2020

Dear @Jens Nachtigal ,

I have not had positive experiences terminating SSL connections with Tomcat. That's also not really recommended by Atlassian. Instead, install a reverse proxy in front of it, like Apache or nginx.

For nginx you can read my article.

For Apache, best perform this search.

So long

Thomas

Jens Nachtigal February 20, 2020

For Bitbucket / Bamboo it works.

Only Jira has these errors. An extra webserver for this is no solution for us.
It is described here that it should basically work: https://confluence.atlassian.com/adminjiraserver/running-jira-applications-over-ssl-or-https-938847764.html
