Jira Data Center: JRASERVER-67639

crowd.token_key not removed if Crowd session is expired


      Summary

      When utilizing Crowd SSO auth to Jira, the crowd.token_key cookie is not removed if a user's Crowd session is expired.

      Steps to Reproduce

      1. Configure a Crowd Server
      2. Integrate Jira with Crowd using the SSO Seraph authenticator
      3. Authenticate to Jira as a Crowd user, view browser cookies and observe presence of crowd.token_key cookie
      4. Forcibly expire the user's session in Crowd
      5. Wait for the Crowd session.validationinterval value to expire (2 minutes by default)
      6. Try to load a Jira page; you should be logged out and redirected to the login page
      7. Refresh and view cookies, observe that the crowd.token_key cookie is still present.

      Expected Results

      The cookie should be removed from subsequent requests, as it is with Bitbucket.

      Actual Results

      The cookie persists, and each attempt to load the page before re-authenticating performs tens of POST calls to the Crowd server for a no-longer-extant Crowd session. Jira should not check session validation for each HTTP request in the page after getting the first 404 Unknown Session from Crowd. For example:

      [27/Jun/2025:14:09:03 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-20 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:03 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-13 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:03 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-10 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:03 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-17 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:03 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-2 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:03 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-14 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:03 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-16 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:03 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-9 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-7 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-22 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-24 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-25 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-4 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-11 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-1 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-18 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-3 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-19 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-18 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-8 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-21 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-23 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-12 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-15 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-6 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-5 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-20 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-13 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-10 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:10 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-17 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:11 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-2 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:11 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-14 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:11 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-16 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:15 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-9 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:15 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-7 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:15 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-22 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:15 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-24 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:15 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-25 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:15 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-4 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:15 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-11 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:15 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-1 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:15 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-3 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:15 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-19 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:15 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-18 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:15 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-8 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:15 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-21 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:15 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-23 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:15 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-12 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:15 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-15 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:16 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-6 - linux-104357.prod.atl-cd.net
      [27/Jun/2025:14:09:16 +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST /crowd/rest/usermanagement/1/session/bRMy_Cnd6qAA0gxIw1_tjwAAAAAAAoABY3Jvd2R1c2VyMDE HTTP/1.1 147 404 http-nio-8095-exec-5 - linux-104357.prod.atl-cd.net 
      
      
      

      Jira will retry the POST request 4x+ times before the user is redirected to a login page.

      Jira should also remove the cookie when it performs the redirect.
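A detection sketch for the request storm described above, added here as an example and not taken from the issue or from Atlassian's code: it parses access-log lines in the layout shown in the report and flags any session token that Crowd keeps answering with 404. The sample lines, placeholder tokens, host name and the threshold of 5 are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from hashlib import sha256

# Matches the access-log layout shown in the report; only the fields used here are captured.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] .*? (?P<client>\d{1,3}(?:\.\d{1,3}){3}) "
    r"POST POST /crowd/rest/usermanagement/1/session/(?P<token>\S+) "
    r"HTTP/\d\.\d \d+ (?P<status>\d{3}) "
)

# Constructed sample lines (tokens and host name are placeholders, not real values).
def _line(ts, token, status, thread):
    return (f"[{ts} +0000] Apache-HttpClient/4.5.14 (Java/17.0.15) 172.50.0.2 POST POST "
            f"/crowd/rest/usermanagement/1/session/{token} HTTP/1.1 147 {status} "
            f"http-nio-8095-exec-{thread} - crowd.example.internal")

SAMPLE_LOG = (
    [_line("27/Jun/2025:14:09:03", "EXPIRED-TOKEN-PLACEHOLDER", 404, n) for n in range(8)]
    + [_line("27/Jun/2025:14:09:10", "EXPIRED-TOKEN-PLACEHOLDER", 404, n) for n in range(22)]
    + [_line("27/Jun/2025:14:09:12", "LIVE-TOKEN-PLACEHOLDER", 200, 1)]
    + ["malformed line that should be skipped"]
)

def find_stale_token_storms(lines, threshold=5):
    """Return tokens that were validated again after Crowd already answered 404."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits[(m["client"], m["token"])].append(ts)
    findings = []
    for (client, token), stamps in hits.items():
        if len(stamps) < threshold:
            continue
        findings.append({
            "client": client,
            # Report a digest: session tokens should not be copied into alerts or tickets.
            "token_sha256_prefix": sha256(token.encode()).hexdigest()[:12],
            "count_404": len(stamps),
            "repeats_after_first_404": len(stamps) - 1,
            "peak_per_second": max(Counter(stamps).values()),
            "span_seconds": int((max(stamps) - min(stamps)).total_seconds()),
        })
    return findings
```

A non-zero `repeats_after_first_404` for one client and token is the signature of this bug: the browser keeps sending the stale crowd.token_key and Jira revalidates it on every request.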

              Unassigned Unassigned
              troyall TJ Royall
              Votes: 10
              Watchers: 6
