
Jira creates corrupt cookie that breaks multiple websites

Phil Tull February 16, 2021

I was evaluating Jira Service Management last week. Along the way, some Jira product installed a cookie on my browser without my permission. The cookie is "ajs_anonymous_id".

The cookie begins and ends with the %22 character, which triggers some firewalls (Sophos UTM) to think this is a SQL Injection attack.

The end result is I spent all weekend troubleshooting why my browser (Brave) was unable to access ANY of our internal systems, and was getting locked out of resources for possible SQL Injection attacks.

 

Question: is anyone familiar with this cookie and is the source Jira?  I'm seeing conflicting evidence on this.

1 answer

0 votes
Phil Tull February 16, 2021

OK, I confirmed that this is coming from Jira.

I deleted the help-desk widgets from all my web sites, and I had to manually go and delete the Jira cookies from browsers.  Systems are back up now.

 

Atlassian: you are using illegal and unconventional characters in your cookie.  You are breaking applications.

First, why are you putting %22 at the beginning and ending of the cookie value?

Second, WHY is there such a cookie AT ALL?  This appears to be an attempt to track people who do not want to be tracked.  Am I wrong?
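Added example, not part of the original post and not Atlassian or Sophos code: `%22` is the URL-encoded double quote, so a cookie value wrapped in it decodes to a quoted string. The Python sketch below triages a `Cookie` header so that quote-wrapped identifiers can be told apart from values that need a closer look; the sample header, the coarse matching rule and all function names are constructed assumptions, not the firewall's actual rule.

```python
import json
import re
from urllib.parse import unquote

# Constructed sample header; the cookie name is from the post, the values are made up.
SAMPLE_COOKIE_HEADER = (
    "ajs_anonymous_id=%22c0ffee00-1111-4222-8333-444455556666%22; "
    "theme=dark; q=%22%20OR%20%221%22%3D%221"
)

# Hypothetical stand-in for a coarse rule: any encoded or literal double quote.
NAIVE_RULE = re.compile(r'%22|"', re.IGNORECASE)
# Characters allowed inside a value we treat as a plain identifier.
SAFE_INNER = re.compile(r"[A-Za-z0-9._:-]+")


def parse_cookies(header):
    """Split a Cookie request header into (name, raw_value) pairs."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs.append((name, value))
    return pairs


def classify(raw_value):
    """Return 'clean', 'quoted-identifier' or 'review' for one cookie value."""
    if not NAIVE_RULE.search(raw_value):
        return "clean"
    decoded = unquote(raw_value)
    try:
        inner = json.loads(decoded)  # a lone JSON string literal decodes to str
    except ValueError:
        return "review"  # unbalanced or multiple quoted fragments
    if isinstance(inner, str) and SAFE_INNER.fullmatch(inner):
        return "quoted-identifier"
    return "review"


def triage(header):
    """Map each cookie name to its classification."""
    return {name: classify(value) for name, value in parse_cookies(header)}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_COOKIE_HEADER).items():
        print(f"{name}: {verdict}")
```

Run over the `Cookie` headers of blocked requests, the "quoted-identifier" results are the candidates for a scoped rule exception on that cookie name, while "review" results stay subject to the normal rule.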
