Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

XSRF Security Token Missing when editing an issue

Dear all,

when I edit an issue in our Jira server instance, time to time we get a strange warning which is really enoying all our users.

I have check the log entry but notthing related to this error pops up

Any idea what could be the issue ?

It has appen since yesrday but no jira instance update has been made.

We are using Jira Server 8.4.3

Thanks for help


4 answers

1 accepted

1 vote
Answer accepted

After hours and hours of researching and investigation, i found the solution. I will post it here for other that might have the same problem.



  • Go to <Jira-installation-directory>/conf, and edit the server.xml file.
  • Add relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;" to the connector properties in server.xml. For example:
  • Add this line into the connector:
    <Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/>
  • Restart Jira.

This solved my problem.


The problem is in fact with tomcat wich is filtering out requests that contain special characters.

Unsung hero, thanks for going around and posting this fix.

0 votes
asterr I'm New Here Dec 19, 2021

I had a similar issue that start for one user profile (Chrome) a couple of days ago.

On further inspection, the following cookies were missing for the jira site (Server):

- atlassian.xsrf.token



If the same user logged in with the same Chrome, but incognito mode, the cookies were created correctly.  However, logging out and logging back in the problem profile failed to create those cookies.

The solution that worked in this case was:

1. In Chrome Inpect.

2. Application -> Storage -> Clear site data 


This only cleared the storage for the JIRA site.

As soon as the storage was cleared, the cookies were created.  The user did not need to logout / log back in.

0 votes
Adrian Atlassian Team Jan 07, 2020

Hi @serge calderara 


Can you confirm that URL used by the user is the same as configured at :

  • on the server.xml file 
  • the baseurl configuration in Jira

If the user is using a different URL to access Jira, there is a possibility that they will run into this error message. 

There are other possible root causes here: 

I know for my users this is usually due to an expired session. Logging out and back in fixes the issue.

What do you mean by expired session ? if session is expired the application should prompt you to login page automatically no ?

can you explain ?

In my case users get back to work this morning and theire surely login correctly from start so could not be same as you I guess

Suggest an answer

Log in or Sign up to answer

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you