I was evaluating Jira Service Management last week. Along the way, some Jira product installed a cookie on my browser without my permission. The cookie is "ajs_anonymous_id".
The cookie begins and ends with the %22 character, which triggers some firewalls (Sophos UTM) to think this is a SQL Injection attack.
The end result is I spent all weekend troubleshooting why my browser (Brave) was unable to access ANY of our internal systems, and was getting locked out of resources for possible SQL Injection attacks.
Question: is anyone familiar with this cookie and is the source Jira? I'm seeing conflicting evidence on this.
OK, I confirmed that this is coming from Jira.
I deleted the help-desk widgets from all my web sites, and I had to manually go and delete the Jira cookies from browsers. Systems are back up now.
Atlassian: you are using illegal and unconventional characters in your cookie. You are breaking applications.
First, why are you putting %22 at the beginning and ending of the cookie value?
Second, WHY is there such a cookie AT ALL? This appears to be an attempt to track people who do not want to be tracked. Am I wrong?
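For anyone triaging a similar lockout, here is an added example (not part of the original posts, and not Sophos UTM's or Atlassian's code) that scans a `Cookie` request header and reports which cookie values decode to quote characters, such as the `%22`-wrapped value described above. The function names and the sample header, including the UUID-style value, are constructed for illustration.

```python
from urllib.parse import unquote

# Characters that quote-based SQL injection signatures commonly key on.
SUSPECT = {'"': "double quote", "'": "single quote"}

def parse_cookie_header(header):
    """Split a Cookie request header into (name, raw_value) pairs."""
    pairs = []
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        pairs.append((name.strip(), value.strip()))
    return pairs

def flag_quote_cookies(header):
    """Return {cookie_name: [reasons]} for values that decode to quote characters."""
    findings = {}
    for name, raw in parse_cookie_header(header):
        decoded = unquote(raw)  # what a WAF sees after URL-decoding the value
        reasons = []
        for ch, label in SUSPECT.items():
            if ch in decoded:
                how = "literal" if ch in raw else "percent-encoded"
                reasons.append(f"{how} {label}")
        # The pattern reported in this thread: the entire value wrapped in %22.
        if len(decoded) >= 2 and decoded[0] == decoded[-1] == '"' and raw.startswith("%22"):
            reasons.append("whole value wrapped in %22")
        if reasons:
            findings[name] = reasons
    return findings

# Constructed sample header; the session id and the UUID are made up.
SAMPLE = ("JSESSIONID=0123456789ABCDEF; "
          "ajs_anonymous_id=%2200000000-0000-4000-8000-000000000000%22; theme=dark")

if __name__ == "__main__":
    for name, reasons in flag_quote_cookies(SAMPLE).items():
        print(name, "->", ", ".join(reasons))
```

Run it against the `Cookie` header copied from the browser's developer tools or from the firewall log entry for a blocked request to see which cookie to clear or to exempt in the firewall rule.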