Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-43494

Special Characters in username prevents them from creating a new space or new page with template - error message "Your session has expired. Please reload the page to try again." OR "user.session.timed.out"

      NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

      Summary

      Users that contains specific special characters in the username will not be able to create any content in Confluence.

      Steps to Reproduce

      1. Install a vanilla Confluence 5.10.3 or 7.4.4
      2. Add a new user. Name this user userhashtag#
      3. Login as this user
      4. Drop down from Spaces and click the Create Space
      5. Create a page from template via ••• button next to the Create button

      Expected Results

      The space creation dialogue pops up

      Actual Results

      There is an error message displayed in the UI : "Your session has expired. Please reload the page to try again."

      Or error message returned as user.session.timed.out

      Nothing is in the logs

      Notes

      This issue has been observed with the following characters:

      1. '#"
      2. '/'
      3. '?'

      If users are being synchronized from an external directory like JIRA or LDAP that Confluence will successfully synchronize and create the user and allow the user to log in, but they will experience this bug.

      Workaround

      Edit the username to not contain any special characters

        1. create-dialog-timedout.png
          create-dialog-timedout.png
          134 kB
        2. create-space-timedout.png
          create-space-timedout.png
          20 kB
        3. screenshot-1.png
          screenshot-1.png
          36 kB
        4. screenshot-2.png
          screenshot-2.png
          40 kB

            [CONFSERVER-43494] Special Characters in username prevents them from creating a new space or new page with template - error message "Your session has expired. Please reload the page to try again." OR "user.session.timed.out"

            we are running confluence 8.5.9

            all of our user come from external directory, and we are not able to Edit the username.  

            Many of our user have this problem.

            we have 2024, is there a resolution?

            DKB Service GmbH added a comment - we are running confluence 8.5.9 all of our user come from external directory, and we are not able to Edit the username.   Many of our user have this problem. we have 2024, is there a resolution?

            The same error occurs for a user with username "rest".

            The frontend calls /rest/prototype/1/session/check/rest, which results in a 404 error.

            Seen on Confluence 7.12.1.

            Jysk Fynske Medier added a comment - The same error occurs for a user with username "rest". The frontend calls /rest/prototype/1/session/check/rest, which results in a 404 error. Seen on Confluence 7.12.1.

            Hi,

            It seems that it boils down to the GET request made with jQuery not receiving properly encoded URL if the username contains special characters in the sessionCheck function.

            Since the username is obtained from the ajs-remote-user meta tag in the document, this can be worked around by adding a few lines of JS in the Custom HTML configuration of the Confluence instance. E.g. in order to replace all '#' symbols with properly encoded ones, you can add the following in "At end of the HEAD" configuration:

            <script> document.getElementsByName("ajs-remote-user")[0].setAttribute("content", document.getElementsByName("ajs-remote-user")[0].getAttribute("content").replaceAll("#", "%23")); </script>
            

            Hope this helps.

            Cheers,
            George

            George Dinkov (Botron) added a comment - Hi, It seems that it boils down to the GET request made with jQuery not receiving properly encoded URL if the username contains special characters in the sessionCheck function. Since the username is obtained from the ajs-remote-user meta tag in the document, this can be worked around by adding a few lines of JS in the Custom HTML configuration of the Confluence instance. E.g. in order to replace all '#' symbols with properly encoded ones, you can add the following in "At end of the HEAD" configuration: <script> document.getElementsByName( "ajs-remote-user" )[0].setAttribute( "content" , document.getElementsByName( "ajs-remote-user" )[0].getAttribute( "content" ).replaceAll( "#" , "%23" )); </script> Hope this helps. Cheers, George

            How can I get money

            Wendy Poldermans added a comment - How can I get money

              Unassigned Unassigned
              mkhairuliana Monique Khairuliana (Inactive)
              Affected customers:
              11 This affects my team
              Watchers:
              16 Start watching this issue

                Created:
                Updated: