This looks like a bug that was fixed in JIRA 3.6.1 - JRA-4945. Can I confirm that you are using JIRA 3.10?

Would you be able to explain, when A or B happen? Does the behaviour appear random?

When B happens, do you know how long "some time" is? By default JIRA sessions time out after 1 hour. Do you know if in your instance of JIRA the timeout is still 1 hour? Are you sure that the time out does not simply happen as expected, i.e. after the configured period of time?

Cheers,
Anton

Thanks for bringing this up to us. May I know whether you have checked on the "Remember my login on this computer"? If you did not "check" on the "Remember my login on this computer", you will be requested to re-login in the new IE window even though you have logged in to JIRA in another IE window. However, this behavior only happen in Internet Explorer.

May I know how many users are affected to this problem? (Add on Anton's question)

Cheers,
Eddie

• we are using JIRA 3.10
• Some time is shorter than 1hr (the individual that reported this talked about less than 10 minutes)
• Remember my login is not enabled
• Seems to be a handful of users affected. Many of our developers use Firefox

Thanks for your reply. However, I am not able to replicate your problem in our local instance. Can you please recommend the users to check on the "Remember my login on this computer" checkbox before logging in to JIRA? It will save a cookie in the browser and will not request the user to login again.

Cheers.
Eddie

This is the result that we find out. We have changes the session timeout to 3 minutes and modified the AccessLogFilter to track the browse header and session id.

<!-- Firefox windows 1 -->
2008-01-29 18:01:54,281 http-8090-Processor4 INFO [jira.web.filters.AccessLogFilter] eddie.kua Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 07D6538EB8D63FE78F112D1F8FBEFF36 http://localhost:8090/secure/IssueNavigator.jspa 112453-4995 3828
2008-01-29 18:01:54,281 http-8090-Processor4 INFO [jira.web.filters.AccessLogFilter] eddie.kua Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 07D6538EB8D63FE78F112D1F8FBEFF36 http://localhost:8090/secure/IssueNavigator.jspa 112453-4995 3828
2008-01-29 18:05:28,328 http-8090-Processor4 INFO [jira.web.filters.AccessLogFilter] eddie.kua Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 07D6538EB8D63FE78F112D1F8FBEFF36 http://localhost:8090/secure/ViewProfile.jspa 100313+1059 485
2008-01-29 18:05:28,328 http-8090-Processor4 INFO [jira.web.filters.AccessLogFilter] eddie.kua Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 07D6538EB8D63FE78F112D1F8FBEFF36 http://localhost:8090/secure/ViewProfile.jspa 100313+1059 485


<!-- Firefox windows 2 -->
2008-01-29 18:03:36,390 http-8090-Processor3 INFO [jira.web.filters.AccessLogFilter] eddie.kua Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 07D6538EB8D63FE78F112D1F8FBEFF36 http://localhost:8090/secure/Dashboard.jspa 112105-9182 2000
2008-01-29 18:03:36,390 http-8090-Processor3 INFO [jira.web.filters.AccessLogFilter] eddie.kua Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 07D6538EB8D63FE78F112D1F8FBEFF36 http://localhost:8090/secure/Dashboard.jspa 112105-9182 2000
2008-01-29 18:08:07,328 http-8090-Processor3 INFO [jira.web.filters.AccessLogFilter] eddie.kua Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 07D6538EB8D63FE78F112D1F8FBEFF36 http://localhost:8090/browse/JSP-1082 99341+11872 3000
2008-01-29 18:08:07,328 http-8090-Processor3 INFO [jira.web.filters.AccessLogFilter] eddie.kua Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 07D6538EB8D63FE78F112D1F8FBEFF36 http://localhost:8090/browse/JSP-1082 99341+11872 3000

Based on the result above, firefox is using the same session id. Thus, when user is using another window, it will not require user to login again.

<!-- IE7 windows 1 -->
2008-01-29 18:10:36,937 http-8090-Processor4 INFO [jira.web.filters.AccessLogFilter] zhenyueh.lean Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322) 8B37F69B4AC0B446ED6EFAFAE6889B59 http://localhost:8090/secure/IssueNavigator.jspa 107379-4381 2000
2008-01-29 18:10:36,937 http-8090-Processor4 INFO [jira.web.filters.AccessLogFilter] zhenyueh.lean Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322) 8B37F69B4AC0B446ED6EFAFAE6889B59 http://localhost:8090/secure/IssueNavigator.jspa 107379-4381 2000
2008-01-29 18:14:26,796 http-8090-Processor3 INFO [jira.web.filters.AccessLogFilter] - Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322) 9D3B1B150139CADAA2A0DFDD557C82E7 http://localhost:8090/login.jsp 92325-50 0
2008-01-29 18:14:26,796 http-8090-Processor3 INFO [jira.web.filters.AccessLogFilter] - Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322) 9D3B1B150139CADAA2A0DFDD557C82E7 http://localhost:8090/login.jsp 92325-50 0

<!-- IE7 windows 2 -->
2008-01-29 18:12:20,375 http-8090-Processor1 INFO [jira.web.filters.AccessLogFilter] zhenyueh.lean Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322) 475B225F697D5BAC78641C33C41DF062 http://localhost:8090/secure/ 102968-169 16
2008-01-29 18:12:20,375 http-8090-Processor1 INFO [jira.web.filters.AccessLogFilter] zhenyueh.lean Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322) 475B225F697D5BAC78641C33C41DF062 http://localhost:8090/secure/ 102968-169 16
2008-01-29 18:15:05,781 http-8090-Processor1 INFO [jira.web.filters.AccessLogFilter] zhenyueh.lean Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322) 475B225F697D5BAC78641C33C41DF062 http://localhost:8090/secure/project/ViewProjects.jspa 92023-273 47
2008-01-29 18:15:05,781 http-8090-Processor1 INFO [jira.web.filters.AccessLogFilter] zhenyueh.lean Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322) 475B225F697D5BAC78641C33C41DF062 http://localhost:8090/secure/project/ViewProjects.jspa 92023-273 47

From what we can see above, the 2 windows are having different session id. Therefore, the two broswers will have two different session timeout. In the IE7 windows 1, it has passed session time, therefore it requires the user to login again. The IE7 windows 2, it is still within the session time and it can continue the process.

Cheers,
Eddie

Thanks for the detective work! Looks like we are moving forward.

So let me make sure I fully understand what is going on.

It looks like different IE windows can have different session cookies. Is this right?

Do different windows get different session cookies only when both IE windows are opened first, then one of them is used to access and log into JIRA, then the other windows is used to access JIRA? Or does opening second IE window, even after logging into JIRA using the first windows always use a different session cookie?

In you comment above the first 2 lines under the "IE7 windows 1" heading have a different session cookier than the next 2 lines under that heading. May I ask why? Aren't both requets made from the same IE Window (i.e. window 1) so the session cookies should be the same.

The user has also reported that they sometimes see an infinite redirect when trying to login. Can we reproduce this infinite redirect?

Cheers,
Anton

You are welcome

It looks like different IE windows can have different session cookies. Is this right?

Do different windows get different session cookies only when both IE windows are opened first, then one of them is used to access and log into JIRA, then the other windows is used to access JIRA? Or does opening second IE window, even after logging into JIRA using the first windows always use a different session cookie?

Yes, it is. IE is using different session id for different windows whereas firefox uses the same session id. Every new IE window requires me to log in even though I have already logged in at another window. In addition to this, each window (session id) has its own time out counter.

In you comment above the first 2 lines under the "IE7 windows 1" heading have a different session cookier than the next 2 lines under that heading. May I ask why? Aren't both requets made from the same IE Window (i.e. window 1) so the session cookies should be the same.

I purposely make the the "IE7 windows 1" browse time out (I have configured session-timeout for 3 minutes). Once the browser has time out, the server will provide another session id to the browser. This is why that two different session id on the same windows.

I am not able to reproduce the user problem (such as infinite redirect). This look like user envirnoment problem more than data problem. Thus, getting user data might not helpful.

However, I will catch up with the user. If he still experience the problem, I will refer him to SAC and help him from their.

Cheers,
Eddie

Did the workaround solve your problem? May I know whether the problem still occurs? If the problem still occurs, please do not hesitate to tell us. I will create a support request for you. We will help you from there.

Cheers,
Eddie

Best regards,
Helgi Sigurdsson | Chief Architect | Infor | +1-404.509.8246 |
helgi.sigurdsson@infor.com

Thanks for getting back to me.

I cannot seem to replicate the problem with IE 7 when I visit jira.atlassian.com. Multiple browser window seem to have me logged in, even when I log in only from one widnow. I do not use the remember me check box.

Is there a specific setting that you need to set in IE 7 to make different browser windows use different session cookies?

Can you replicate the problem, everytime with IE 7. Does this happen on more than one machine?

The reason I ask is that IE (at least version 5.5) decides to open up a new browser window as a new thread or process, depending (I believe) on the amount of memory that exists in the machine. I am not sure if this is the same problem, as I thought it was fixed in more recent versions of IE.

Can you replicate the problem against jira.atlassian.com? If yes, can you give me the exact replication steps?

Cheers,
Anton

I am happy to do all these testing. It can build up my knowledge as well

I found that this is a weird behavior of IE. For example, I open the IE window and log in, then open a new browser windows via File -> New Window (or Ctrl + N), the same session id will be used and I can login to JIRA automatically.

However, if I launch another new IE window via quick launch bar or Internet Explore icon, a new session id will be generated and it requires me to provide login details.

(* Tested on jira.atlassian.com)

This look like the behavior of IE.

Cheers,
Eddie

If the IE browser windows are started from within IE (e.g. by using Ctrl + N), the windows share the session.