- Bug
- Resolution: Fixed
- Medium
Summary
API calls Generate Logoff event for all users on system
Environment
JIRA Cloud
Steps to Reproduce
With incoming API requests to JIRA or Confluence, on random API calls the JIRA system sends an additional verification request as an anonymous user system account, then sends a secondary logoff event for the anonymous session without a token, as described in https://jira.atlassian.com/browse/CWD-2842, causing all users to be logged off of the system.
- No definite time interval can be identified; it has been seen to occur as often as every 3 min and spaced out as far as 5 hours
- But it is a steady interval per instance, indicating rate of request causing the log-off event
Expected Results
- API calls do not cause a forced log-off event
Actual Results
- All users logged off the system at a timed interval
The below exception is thrown in the logs:
@40000000554b9a6b099afdf4 2015-05-07 12:01:21,159 TP-Processor19 WARN [engine.jdbc.spi.SqlExceptionHelper] SQL Error: 0, SQLState: 23505
@40000000554b9a6b099b01dc 2015-05-07 12:01:21,159 TP-Processor19 ERROR [engine.jdbc.spi.SqlExceptionHelper] ERROR: duplicate key value violates unique constraint "cwd_token_identifier_hash_key"
@40000000554b9a6b099b05c4 2015-05-07 12:01:21,159 TP-Processor19 ERROR [jdbc.batch.internal.BatchingBatch] HHH000315: Exception executing batch [could not perform addBatch]
then triggers log off event:
TP-Processor15 INFO [crowd.manager.authentication.TokenAuthenticationManagerImpl] Removing all user and application tokens
Notes
Due to some recent API changes, session tokens are being removed frequently. Hence, users are being logged out quite often. For this to be resolved, all the applications need to be using the latest version of Embedded Crowd, and that version is 2.8.3.
Workaround
No Workaround currently available
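To confirm this pattern from application logs, the following added example (not Atlassian's code and not part of the original report) pairs each duplicate-key error on `cwd_token_identifier_hash_key` with a following "Removing all user and application tokens" line and reports the spacing between purges. The sample lines are constructed; the timestamp on the purge line and the 5-second correlation window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Markers copied from the log excerpts in this report.
DUP_KEY = 'violates unique constraint "cwd_token_identifier_hash_key"'
PURGE = "Removing all user and application tokens"
# Optional TAI64N prefix (@ + 24 hex digits), then a log4j-style timestamp.
STAMP = re.compile(r"^(?:@[0-9a-fA-F]{24}\s+)?(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),(\d{3})\s")

def parse_time(line):
    m = STAMP.match(line)
    if not m:
        return None  # stack-trace continuation or unstamped line
    base = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return base + timedelta(milliseconds=int(m.group(2)))

def find_forced_logoffs(lines, window=timedelta(seconds=5)):
    """Return (purge_time, near_duplicate_key_error) for every token purge."""
    last_dup, events = None, []
    for line in lines:
        ts = parse_time(line)
        if ts is None:
            continue
        if DUP_KEY in line:
            last_dup = ts
        elif PURGE in line:
            near = last_dup is not None and timedelta(0) <= ts - last_dup <= window
            events.append((ts, near))
    return events

def purge_intervals(events):
    """Seconds between consecutive purges; a steady value matches the report."""
    times = [ts for ts, _ in events]
    return [(b - a).total_seconds() for a, b in zip(times, times[1:])]

# Constructed sample (assumption: purge lines carry the same timestamp format).
SAMPLE = """\
@40000000554b9a6b099b01dc 2015-05-07 12:01:21,159 TP-Processor19 ERROR [engine.jdbc.spi.SqlExceptionHelper] ERROR: duplicate key value violates unique constraint "cwd_token_identifier_hash_key"
2015-05-07 12:01:21,402 TP-Processor15 INFO [crowd.manager.authentication.TokenAuthenticationManagerImpl] Removing all user and application tokens
2015-05-07 12:04:21,377 TP-Processor19 ERROR [engine.jdbc.spi.SqlExceptionHelper] ERROR: duplicate key value violates unique constraint "cwd_token_identifier_hash_key"
2015-05-07 12:04:21,610 TP-Processor15 INFO [crowd.manager.authentication.TokenAuthenticationManagerImpl] Removing all user and application tokens
2015-05-07 12:07:21,500 TP-Processor15 INFO [crowd.manager.authentication.TokenAuthenticationManagerImpl] Removing all user and application tokens
""".splitlines()

if __name__ == "__main__":
    events = find_forced_logoffs(SAMPLE)
    for ts, near in events:
        print(ts, "after duplicate-key error" if near else "no duplicate-key error nearby")
    print("seconds between purges:", purge_intervals(events))
```

A purge flagged as having no duplicate-key error nearby points to a different trigger and should be investigated separately from this bug.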
- incorporates
  - JRASERVER-41025 Pool SSL LDAP connections (Closed)
- is related to
  - CWD-2842 Duplicate error when username case is changed in LDAP and user disappears from the directory (Closed)
  - JRACLOUD-65801 All users are logged out of JIRA Cloud every 1 or 2 minutes (Closed)
  - CWD-4271 As an admin, I want to bulk-expire SSO sessions (Closed)
  - CWD-4342 Don't try to invalidate a session ID of an empty string (Closed)