Logging into another Atlassian application logs me out of Confluence

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Problem

  • When logging into another Atlassian application after logging into Confluence, your Confluence session expires and you need to re-authenticate.

  • When saving Confluence page, the following error is shown:

    "Your session has expired. You may need to re-submit the form or reload the page."

  • Atlassian applications such as Jira, Confluence use the same JSESSIONID cookie. Realistically a collision will not be encountered in production, since different applications use different domain names/context path.

Diagnosis

You are running your application stack on the same URL path with the only difference between applications being the port. For instance:

1 2 http://localhost:8080 and http://localhost:8090 http://your.domain.com:8080 and http://your.domain.com:8090

Cause

Atlassian applications store your successful login as a cookie in your browser called the JSESSIONID. Your browser will store this cookie under a path for the domain, which is not port aware. In the above examples, each instance stores the session cookie in the '/' or root path. The JSESSIONID for Confluence is being overwritten by the JSESSIONID of the other Atlassian application.

We have an improvement request to better handle this in product tracked under CONFSERVER-32589 - Configure Tomcat so that it has a unique SESSION_COOKIE_NAME to prevent session overwriting for Confluence.

Solution

Resolution

You may do either of the following to resolve this conflict:

Option 1:

Run each application on a separate context path. Edit the <install>/conf/server.xml and look for the Context tag and change the path variable, like so (requires a restart):

1 2 3 4 5 Confluence: <Context path="/confluence" docBase="${catalina.home}/confluence" reloadable="false" useHttpOnly="true">   JIRA: <Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">

ℹ️ See this KB article for more details.

Option 2

Please note that any changes in context.xml is not automatically applied upon Confluence upgrade. You will need to manually re-apply the changes again as part of the Confluence upgrade activity.

  1. Shut down Confluence

  2. Add the sessionCookieName attribute to the <Context> element in <install>/conf/context.xml:

    1 <Context sessionCookieName="CONFLUENCESESSIONID">

ℹ️ NOTE that you must add the "sessionCookieName="CONFLUENCESESSIONID"" inside the Context tag and NOT create a new tag for this setting, otherwise Tomcat will not start correctly.

3. Start Confluence back up

This procedure works on Tomcat 6 and above.

Updated on April 15, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community