Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-72116

Add cookies "ajs_user_id" and "ajs_anonymous_id" on the subdomain

XMLWordPrintable

    • 1
    • 3
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      When administration sections is accessed on Jira (or Confluence), the requests generates two additional cookies:

      • ajs_user_id
      • ajs_anonymous_id

      These cookies are being generated under a different domain than the other cookies.

      Example:

      • All other cookies (like JSESSIONID) has domain like "jira.mydomain.com"
      • These two cookies "ajs_user_id" and "ajs_anonymous_id" have the domain ".mydomain.com" (this is not considering the subdomain).

      Issue

      This is causing security issues since there are other apps under the same domain (but with different subdomains).

      Expected Result

      The domain of the cookies are under the same domain as the other cookies (like JSESSIONID).

      Workaround

      There is no workaround.

              Unassigned Unassigned
              e92f396700a6 Henrique Girardi (Inactive)
              Votes:
              6 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: