Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

XSRF Security Token Missing when editing an issue

serge calderara
serge calderara
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 3, 2020

Dear all,

when I edit an issue in our Jira server instance, time to time we get a strange warning which is really enoying all our users.

I have check the log entry but notthing related to this error pops up

Any idea what could be the issue ?

It has appen since yesrday but no jira instance update has been made.

We are using Jira Server 8.4.3

Thanks for help

regards

Answer
Watch
Like # people like this
6139 views

4 answers

1 accepted

1 vote
Answer accepted
Albert Manuel
Albert Manuel
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 6, 2020

After hours and hours of researching and investigation, i found the solution. I will post it here for other that might have the same problem.

 

 

  • Go to <Jira-installation-directory>/conf, and edit the server.xml file.
  • Add relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;" to the connector properties in server.xml. For example:
  • Add this line into the connector:
    <Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/>
  • Restart Jira.

This solved my problem.

 

The problem is in fact with tomcat wich is filtering out requests that contain special characters.

View More Comments
Jason Chang
Jason Chang October 15, 2020

Unsung hero, thanks for going around and posting this fix.

Like
Reply
1 vote
asterr
asterr December 19, 2021

I had a similar issue that start for one user profile (Chrome) a couple of days ago.


On further inspection, the following cookies were missing for the jira site (Server):

- atlassian.xsrf.token

- JSESSIONID

 

If the same user logged in with the same Chrome, but incognito mode, the cookies were created correctly.  However, logging out and logging back in the problem profile failed to create those cookies.


The solution that worked in this case was:

1. In Chrome Inpect.

2. Application -> Storage -> Clear site data 

 

This only cleared the storage for the JIRA site.

As soon as the storage was cleared, the cookies were created.  The user did not need to logout / log back in.

Reply
0 votes
Adrian Stephen
Adrian Stephen
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 7, 2020

Hi @serge calderara 

 

Can you confirm that URL used by the user is the same as configured at :

  • on the server.xml file 
  • the baseurl configuration in Jira

If the user is using a different URL to access Jira, there is a possibility that they will run into this error message. 

There are other possible root causes here: 

Reply
0 votes
Andrew Morin
Andrew Morin
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 3, 2020

I know for my users this is usually due to an expired session. Logging out and back in fixes the issue.

View More Comments
sc
sc January 6, 2020

What do you mean by expired session ? if session is expired the application should prompt you to login page automatically no ?

can you explain ?

In my case users get back to work this morning and theire surely login correctly from start so could not be same as you I guess

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events