Details
-
Bug
-
Resolution: Fixed
-
Medium
-
5.0.1
-
None
-
- Reproduced with Chrome and FireFox
-
5
-
Description
- Run JIRA under "/jira" context (http://localhost:8080/jira)
- Go to UPM (plugin manager) and switch to install tab.
- Logout and login to JIRA
Actual: The AJS.conglomerate.cookie is saved under "/" (root context) with a value similar to:
__utma=111872281.2081964729.1332130805.1332130805.1332130805.1; __utmz=111872281.1332130805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); AJS.conglomerate.cookie="||||||upm.tab=install; JSESSIONID=4D26AF92A8827231F3BAF4B7387DD6F2
Notice the missing closing quote in the value.
Now, attempt to login to Confluence running on http://localhost:8090. This cookie will be sent to confluence as well (since it is saved in root) and the application will fail to authenticate the user
Screen recording: http://screencast.com/t/6GwtrTAw
Notes:
- I am uncertain if the cookie will be set to this wrong value just by visiting this install tab (you might have to play a little with UPM to arrive at this state)
- We have confirmed that if the closing quote is added to the cookie, user is able to login successfully to Confluence.
Attachments
Issue Links
- derives
-
JRADEV-19985 Loading...