Uploaded image for project: 'Jira Service Management Cloud'
  1. Jira Service Management Cloud
  2. JSDCLOUD-9544

Session cookie auth does not work cross-site in Chrome for portal-only customers


      Issue Summary

      Portal-only customers cannot authenticate cross-site requests to the JSM public API (e.g. to /rest/servicedeskapi/knowledgebase/article?query=article) using session-cookie-based auth in Chrome.

      This is likely due to recent changes in Chrome to phase out third-party cookie usage (similar to what Safari has done: https://jira.atlassian.com/browse/JSDCLOUD-9287) in Chrome by 2022.

      For now, this issue can be fixed by explicitly setting the `SameSite` value for customer account session cookies.


      Steps to Reproduce

      1. Set up a service project in JSM with knowledge base
      2. Create a portal-only user with access as a customer on this service project
      3. Try to search and view the knowledge base authenticated as the portal-only customer from within a third party app (e.g. Refined Theme).

      Expected Results

      The portal-only customer can view the knowledge base article (same as an Atlassian account)

      Actual Results

      The user sees an error that "The action requires a logged in user. Please log in and try again." The API request fails with a 401 response.


      Use a different browser (e.g. Firefox).

            Unassigned Unassigned
            aolrich Andrea
            10 Vote for this issue
            13 Start watching this issue