It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

HttpSession destroyed immediatly after authentication

Have upgraded my Jira installation from 8.0.2 to 8.2.2. Now I can't login anymore. secure/Dashboard.jspa says invalid user or wrong password. But it is not. If I call an issue directly (e.g. /browse/#issueno) I get a login screen and can access the issue. Found no log entries for invalid credentials. In atlassian-jira-security.log are some wierd entries that the user passes the authentication and immediatly the session was destroyed.

2019-07-02 11:01:32,557 http-nio-8081-exec-23 USER 661x1832x1 19p4uas IP:50263,IP /secure/admin/WebSudoAuthenticate.jspa The user 'USER' has PASSED authentication.
2019-07-02 11:01:32,557 http-nio-8081-exec-23 USER 661x1832x1 19p4uas IP:50263,IP /secure/admin/WebSudoAuthenticate.jspa HttpSession [19p4uas] destroyed for 'USER'
2019-07-02 11:01:32,557 http-nio-8081-exec-23 USER 661x1832x1 19p4uas IP:50263,IP /secure/admin/WebSudoAuthenticate.jspa HttpSession created [7qw0ie]

I am running Jira on Windows Server 2012R2 behind IIS with ARR.

1 answer

0 votes
Andy Heinzer Atlassian Team Jul 08, 2019

Hi Andreas,

If I understand correctly, after an upgrade to Jira you can no longer login to Jira on some pages.  Since we know you're using an IIS reverse proxy in front of Jira, it seems likely that this could be a factor in regards to the upgrade itself.

I am curious to see if perhaps your $JIRAINSTALL/conf/server.xml was overwritten during the upgrade.  If so, it could have lost the customizations needed to work with your proxy as expected.  You might want to walk through the guide in Integrating Jira applications with IIS

If that doesn't help, then I'd be interested to see if you can actually try to disable secure administrator sessions in your Jira site.  Steps to do this are in Configuring secure administrator sessions.  I only suggest this because the error messages you posted seem to be the websudo (aka secure administrator) sessions Jira tends to have enabled by default.   It might help to disable this and restart Jira.

If that doesn't help, I would be interested to learn more about your environment, such as, are you utilizing any different authentication or SSO solutions with Jira?  Such as Okta, onelogin, Atlassian Crowd, or alike?  Sometimes these will have different authentication methods than the native ones that Jira ships with.  It might be a factor here if these exists in your environment.

Regards,

Andy

Hi Andy,

thanks for your response. The settings in $JIRAINSTALL/conf/server.xml were overwritten during the upgrade. I restore them every time I do an upgrade. Also this time. As I can see, there are no setting changes in the new release. I also checked the IIS integration as described in Integrating Jira applications with IIS. I checked the settings as described. Looks good. But I am not sure, the connector works. I have no recent entries in the log file.

Andy Heinzer Atlassian Team Jul 22, 2019

That's very strange to see.  I'm curious to see how far this problem extends.  I would be interested to see if you can follow the steps in How to bypass a Proxy and SSL to test network connectivity.  I am interested to learn if the same problem happens when accessing Jira on a port/address that bypasses your IIS proxy.  If it does then the problem is likely not the proxy.  However if we can't recreate on this local connection, it tends to indicate that IIS is a factor here.

I'd be interested to see if perhaps you can generate a HAR file when this attempt to login via the dashboard happens.  I'd be interested to see if the browser console logs are showing any strange errors or pages not loaded there that might help give us more insights into this problem.

Hi Andy, I followed the instructions to bypass the proxy. I can't log on. The behavior is a bit different but the result is the same. If I bypass the proxy I don't get the message that the credentials are not valid. The login screen just refreshs.

I checked the network traffic in the browser and found a lot of 403 and 401 entries. I have made some HAR files (one for localhost, one from outside). How can I secure send you the files?

Like Magnus Tamm likes this
Andy Heinzer Atlassian Team Jul 23, 2019

I created a support case on your behalf for this problem.  You can upload these files and some others I have requested to https://getsupport.atlassian.com/servicedesk/customer/portal/22/JSP-409359

Regards,

Andy

Hey. 

Was this solved. I have the same problem. When logging in to admin panel the login page just refreshes. Sometimes user must try 20 times before successful login.


Edit:

Only one user has this problem. This user uses Confluence on Mac.  Cache is cleared, switched browsers. nothing helps. 

 

Best wishes,

Magnus

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you