Key: JRA-14630
Type: Task
Status: Resolved
Resolution: Fixed
Priority: Critical
Assignee: Michael Tokar [Atlassian]
Reporter: Michael Tokar [Atlassian]
Votes: 1
Watchers: 12
JIRA

Fix the seraph.os.cookie from failing on Tomcat by upgrading atlassian-seraph

Created: 12/Mar/08 07:20 PM   Updated: 14/Jan/09 09:12 PM
Component/s: Security
Affects Version/s: 3.12.2, 3.12.3
Fix Version/s: 3.13

Time Tracking:
Original Estimate: 1h
Remaining Estimate: 0h
Time Spent: 1.5h

Participants: Anton Mazkovoi [Atlassian], Christopher Owen [Atlassian], Ian Daniel [Atlassian], Kirk Wylie, Michael Tokar [Atlassian], Sheri Widler and Wolfram Richter
Since last comment: 41 weeks, 3 days ago
Resolution Date: 06/May/08 08:13 PM
Labels: remember_me


Description
Once SER-117 has been fixed, incorporate the changes into JIRA (see the linked issue for a full description of the problem).

Note that this only affects Tomcat users; Resin and Orion do not appear to be affected.

User Symptoms: Users have checked the "Remember my login on this computer" checkbox (also known as the "Remember Me" checkbox), but are still getting prompted for login credentials after a period of inactivity.



Ian Daniel [Atlassian] added a comment - 11/Apr/08 01:56 AM
The user symptom of possibly being affected by this bug is users reporting that they have checked the "Remember my login on this computer" checkbox, but are still getting prompted for login credentials after a period of inactivity.

Ian Daniel [Atlassian] added a comment - 17/Apr/08 05:13 PM - edited
This bug is present in Tomcat 5.5.26 and Tomcat 6. It is not present in Tomcat 5.5.20. Hence, one workaround for this bug is to use Tomcat 5.5.20.

Ian Daniel [Atlassian] added a comment - 18/Apr/08 05:02 AM
Another support customer affected by this: JSP-21303.

Anton Mazkovoi [Atlassian] added a comment - 28/Apr/08 02:59 AM
Need to fix this for JIRA 3.12.4

Anton Mazkovoi [Atlassian] added a comment - 28/Apr/08 03:02 AM
Please note that the upgrade of seraph will break the existing "remember me" cookies. So we need to mention this very clearly in the Upgrade Guide for JIRA 3.12.4 and let the support team know.

Kirk Wylie added a comment - 28/Apr/08 10:17 AM
Something particularly problematic on this bug is that it's not documented anywhere that you can't run 3.12.2 (even on the 3.12.2 documentation) on Tomcat 6. I discovered this only after spending quite a bit of time migrating our JIRA infrastructure to Tomcat6.

Ian Daniel [Atlassian] added a comment - 30/Apr/08 10:33 PM - edited

Workarounds

The underlying bug for this issue, SER-117, was fixed in Seraph version 0.38. Seraph 0.38 shipped with JIRA 3.13. Therefore, the easiest fix is to upgrade to JIRA 3.13 (or newer versions, once we release them).

If upgrading to 3.13 is not an option, you can update JIRA to Seraph 0.38 (instructions follow), but you must be running JIRA 3.12.3. This is because Seraph 0.38 is not binary-compatible with any version of JIRA prior to JIRA 3.12.3. It is binary-compatible with JIRA 3.12.3. Do not make the following modifications to any JIRA version earlier than 3.12.3.

The workaround instructions are:

1. Upgrade to JIRA 3.12.3.

2. Shut down JIRA 3.12.3.

3. In your JIRA 3.12.3 directory, run "build clean" (Windows) or "./build.sh clean" (Unix).

4. Replace webapp/WEB-INF/lib/atlassian-seraph-0.37.2.jar with atlassian-seraph-0.38.jar.

5. In your JIRA 3.12.3 directory, run "build" (Windows) or "./build.sh" (Unix) to produce a new web application.

6. Restart JIRA.

7. Please revert to atlassian-seraph-0.37.2.jar if you have any issues authenticating to your JIRA instance.

Important Note

The cookie encoding mechanism in Seraph 0.38 is not backward compatible with the previous mechanism. This means that all users, including those who have set the "Remember my login on this computer" checkbox, will be prompted to log in the first time that they access the modified JIRA instance. "Remember my login on this computer" should work fine after this initial login.

Another workaround is to instead use Tomcat 5.5.20, as it is not affected by the problem.
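
Steps 4 and 7 of the workaround above as a guarded, reversible jar swap. This is an added shell example, not part of the original comment and not Atlassian tooling; the function names and the `seraph-backup` directory are hypothetical, and the build commands in steps 3 and 5 are still run by hand.

```shell
#!/bin/sh
# Added example: jar swap (step 4) and revert (step 7) with sanity checks.
# Assumption: the first argument is the JIRA 3.12.3 directory from the steps.
OLD_JAR=atlassian-seraph-0.37.2.jar
NEW_JAR=atlassian-seraph-0.38.jar

# seraph_jars JIRA_DIR: list the Seraph jars currently in WEB-INF/lib.
seraph_jars() {
    ls "$1/webapp/WEB-INF/lib" | grep '^atlassian-seraph-.*\.jar$'
}

# swap_seraph JIRA_DIR PATH_TO_NEW_JAR: step 4.
swap_seraph() {
    lib="$1/webapp/WEB-INF/lib"
    backup="$1/seraph-backup"   # hypothetical; outside WEB-INF/lib so it is never loaded
    # Refuse unless the exact jar named in step 4 is present.
    [ -f "$lib/$OLD_JAR" ] || { echo "expected $lib/$OLD_JAR not found" >&2; return 1; }
    [ -f "$2" ] || { echo "new jar $2 not found" >&2; return 1; }
    # Refuse if another Seraph jar is already there: two versions side by side
    # in WEB-INF/lib leave the choice of classes to the class loader.
    count=$(ls "$lib" | grep -c '^atlassian-seraph-.*\.jar$')
    [ "$count" -eq 1 ] || { echo "found $count Seraph jars in $lib" >&2; return 1; }
    mkdir -p "$backup" &&
    mv "$lib/$OLD_JAR" "$backup/$OLD_JAR" &&
    cp "$2" "$lib/$NEW_JAR"
}

# revert_seraph JIRA_DIR: step 7, restore the original jar from the backup.
revert_seraph() {
    lib="$1/webapp/WEB-INF/lib"
    backup="$1/seraph-backup"
    [ -f "$backup/$OLD_JAR" ] || { echo "no backup in $backup" >&2; return 1; }
    rm -f "$lib/$NEW_JAR" &&
    mv "$backup/$OLD_JAR" "$lib/$OLD_JAR"
}
```

Run `swap_seraph` between the "clean" and the build step with JIRA shut down, and confirm with `seraph_jars` that exactly one Seraph jar remains before rebuilding.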


Wolfram Richter added a comment - 08/May/08 04:17 AM
Mhm. This workaround didn't work for us.
We're testing Jira 3.12.3 / Confluence 2.8.0 on Tomcat 6.0.16.

On Jira login we're getting now: User: tried to login but they do not have USE permission or weren't found. Deleting cookie.
in catalina.out.

In Confluence the new seraph.jar breaks the application (doesn't start due to ClassNotFoundException).

In both applications users are not remembered which is quite annoying.


Christopher Owen [Atlassian] added a comment - 08/May/08 07:55 PM - edited
Yes. Seraph 0.38 will not work with Confluence 2.8.0, so please don't try to use this version with it.

Ian Daniel [Atlassian] added a comment - 09/May/08 02:08 AM
Hi Wolfram,

I have just re-tried the workaround (JIRA 3.12.3 with Seraph 0.38). I am not getting the problem you describe. Users are able to log in and Remember Me is working, including for usernames that had the problem without the patch in place.

I said above that this is an unsupported patch. Having said that, we would like to see if there is a problem that we need to be aware of. As such, I have created a support case for you, https://support.atlassian.com/browse/JSP-23056, and I will ask you some questions there. Can you please respond to that support case.

Kind regards,
Ian


Ian Daniel
JIRA Support Lead


Ian Daniel [Atlassian] added a comment - 09/May/08 02:27 AM
Wolfram reports via his support case that the patch is working now. It was a Tomcat configuration problem that he has fixed. The patch is working.

Sheri Widler added a comment - 16/Sep/08 04:07 PM - edited
Can I get information about the patch?
We are using Jira, Version: 3.12.3 and Confluence 2.8.2 and are having the same issue.
Would we have to upgrade to 3.13?

Anton Mazkovoi [Atlassian] added a comment - 16/Sep/08 11:21 PM
Hi Sheri,

The patch is needed for JIRA 3.12.3. It is not needed for JIRA 3.13 as JIRA 3.13 ships with the fix.

Cheers,
Anton


Ian Daniel [Atlassian] added a comment - 16/Sep/08 11:27 PM
Hi Sheri,

The patch is described here in an earlier comment in this issue. That comment describes how to deploy the patch to a JIRA 3.12.3 instance.

You would not have to upgrade to 3.13 to use the patch. However if you do upgrade to 3.13, you will not require that patch, as it ships as part of JIRA 3.13.

According to the Confluence issue for this problem, the problem has been fixed in Confluence 2.8.2. That is, you do not need the patch. So if you are having a problem related to "Remember my login" in Confluence 2.8.2, then please raise an issue in our support system, https://support.atlassian.com, and we will investigate the problem, as it probably has a different root cause to the problem fixed in the patch.

Kind regards,
Ian