User session changed or hijacked in Jira server integrated with IIS

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Symptoms

Users will notice their login session unexpectedly changes to a different user when it should not be (the user as shown in the upper-right corner).

Cause

There have been reported issues from users running JIRA behind Microsoft's Internet Information Services (IIS) with Output Caching enabled.

Resolution

Disable Output Caching in IIS:

  1. On the Site Home screen in IIS Manager double click on "Output Caching"

  2. On the right side under Actions, click on Edit Feature Settings

  3. Uncheck Enable Cache and Enable kernel cache

  4. Click OK

Updated on April 8, 2025

Still need help?

The Atlassian Community is here for you.