Add cookies "ajs_user_id" and "ajs_anonymous_id" on the subdomain

XMLWordPrintable

    • 1
    • 3

      When administration sections is accessed on Jira (or Confluence), the requests generates two additional cookies:

      • ajs_user_id
      • ajs_anonymous_id

      These cookies are being generated under a different domain than the other cookies.

      Example:

      • All other cookies (like JSESSIONID) has domain like "jira.mydomain.com"
      • These two cookies "ajs_user_id" and "ajs_anonymous_id" have the domain ".mydomain.com" (this is not considering the subdomain).

      Issue

      This is causing security issues since there are other apps under the same domain (but with different subdomains).

      Expected Result

      The domain of the cookies are under the same domain as the other cookies (like JSESSIONID).

      Workaround

      There is no workaround.

            Assignee:
            Unassigned
            Reporter:
            Henrique Girardi (Inactive)
            Votes:
            6 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated: