When a user logins or fails to login JIRA updates a number of attributes that are stored in the CWD_USER_ATTRIBUTES table. Because of the SPI contract multiple values may be stored against any attribute and JIRA handles this situation by deleting all the values associated with this user_id attribute_name pair and then inserting the new values.

This behaviour is very poorly handled by postgresql. This behaviour is greatly exacerbated by bots which may use basic auth and authenticate with each incoming request, resulting in thousands of logins for the same user per day.