Jira Data Center / JRASERVER-27574

AJS.conglomerate.cookie can be written with invalid data that prevents other Atlassian applications from logging in.


Details

    • Bug
    • Resolution: Fixed
    • Medium
    • 5.0.3
    • 5.0.1
    • None
      • Reproduced with Chrome and Firefox

    Description

      • Run JIRA under "/jira" context (http://localhost:8080/jira)
      • Go to UPM (plugin manager) and switch to install tab.
      • Log out and log in to JIRA.

      Actual: The AJS.conglomerate.cookie is saved under "/" (root context) with a value similar to:

      __utma=111872281.2081964729.1332130805.1332130805.1332130805.1; __utmz=111872281.1332130805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); AJS.conglomerate.cookie="||||||upm.tab=install; JSESSIONID=4D26AF92A8827231F3BAF4B7387DD6F2

      Notice the missing closing quote in the value.

      Now, attempt to log in to Confluence running on http://localhost:8090. This cookie will be sent to Confluence as well (since it is saved under the root context), and the application will fail to authenticate the user.

      Screen recording: http://screencast.com/t/6GwtrTAw

      Notes:

      • I am uncertain if the cookie will be set to this wrong value just by visiting this install tab (you might have to play a little with UPM to arrive at this state).
      • We have confirmed that if the closing quote is added to the cookie, the user is able to log in successfully to Confluence.
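
The effect of the missing quote can be reproduced on the receiving side. The following is an added example, not part of the original report and not Atlassian code: `parseCookieHeader` is a hypothetical quote-aware parser, and it assumes the receiving application reads a value that starts with `"` up to the next `"`. Under that assumption the unterminated value swallows JSESSIONID, and adding the closing quote restores it.

```javascript
// Added example. Assumption: the receiving application's parser treats a value
// that starts with '"' as a quoted string running to the next '"'.
function parseCookieHeader(header) {
  const cookies = {};
  const unterminated = [];
  let i = 0;
  while (i < header.length) {
    // Skip the "; " separators between pairs.
    while (header[i] === ';' || header[i] === ' ') i++;
    if (i >= header.length) break;
    const eq = header.indexOf('=', i);
    let semi = header.indexOf(';', i);
    if (semi === -1) semi = header.length;
    if (eq === -1 || semi < eq) { i = semi; continue; } // token without '='
    const name = header.slice(i, eq).trim();
    if (header[eq + 1] === '"') {
      const close = header.indexOf('"', eq + 2);
      if (close === -1) {
        // No closing quote: everything after it, later cookies included,
        // becomes part of this value.
        cookies[name] = header.slice(eq + 2);
        unterminated.push(name);
        break;
      }
      cookies[name] = header.slice(eq + 2, close);
      i = close + 1;
    } else {
      cookies[name] = header.slice(eq + 1, semi).trim();
      i = semi;
    }
  }
  return { cookies, unterminated };
}

// Cookie header as shown in the report (missing closing quote).
const REPORTED =
  '__utma=111872281.2081964729.1332130805.1332130805.1332130805.1; ' +
  '__utmz=111872281.1332130805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ' +
  'AJS.conglomerate.cookie="||||||upm.tab=install; ' +
  'JSESSIONID=4D26AF92A8827231F3BAF4B7387DD6F2';
// Constructed: the same header with the closing quote added.
const REPAIRED = REPORTED.replace('upm.tab=install; ', 'upm.tab=install"; ');

console.log(parseCookieHeader(REPORTED).unterminated);
console.log(parseCookieHeader(REPAIRED).cookies.JSESSIONID);
```

A non-empty `unterminated` list is a cheap server-side signal that a shared-path cookie has been written with an unbalanced quote.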

            People

              rsmart metapoint
              farmas Federico Silva Armas [Atlassian]