Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

User is unintentionally logged in as other user

Hello all,

we are running a Jira server with crowd connection to a Windows AD.

I have received a report of some strange behavior, which unfortunately I can neither reproduce nor verify. 2 different employees have reported to me, independently and staggered in time, that they were suddenly logged in as a different user after logging in. It can be assumed that they saved their own login data in the browser and only pressed the "Login" button. The users they were then suddenly in Jira probably never logged in on the same machine.

Does anyone have any idea what this could be due to? What confgiurations could lead to such security related behavior. Where would I be able to track this in the logs if applicable?

Thank you very much.

3 answers

This has also just affected me on our instance (Jira DataCenter 8.20.10) - working as normal and then suddenly I was a different user and the popup regarding my timezone being different from the one in my profile was alerting. We appear to have come under a DDoS attack on Monday but this was mitigated but not sure if this is an ongoing part of the attack or something different?

We are in no position to upgrade to 9.x as we haven't done any testing in UAT but are considering an upgrade to 8.20.22 if there are known security fixes that could relate to this


Other than username and password, users can perform actions using authentication tokens. Please check the tokens and rewoke the ones you don’t want. 

Unfortunately I can not provide a solution for this issue but I can tell, that yesterday we had a very similar issue on our site (Jira 8.20 DataCenter): One already logged-in userA suddenly appeared to be logged in as a different userB. From the logs (atlassian-jira.log and atlassian-jira-security.log) I can tell, that both users were already logged-in and working on different machines (different IP-Addresses were logged for the user actions). Then suddenly the logged actions for userB changed: The logged IP Address was then the one of the other userA. There were no login/logout actions in that time period as well as no destroyed user sessions visible in the logfiles. 

Any ideas about reasons or solutions would be very appreciated from me as well.


Suggest an answer

Log in or Sign up to answer
AUG Leaders

Atlassian Community Events