User hijacking problem that occurs along with number format exception

Problem

This will generally occur if you are using some form of custom authentication.

What happens:
1. User 'A' logs in to their Crucible account.
2. User 'B' logs in to their Crucible account on another PC.
3. When user 'A' refreshes their browser (or sends a new HTTP request), their account changes to user 'B' or another account.

The following error always occurs in the log when this happens:

2009-03-31 10:57:43,867 ERROR [btpool0-71] org.mortbay.log sun.reflect.GeneratedMethodAccessor991-invoke - EXCEPTION
java.lang.NumberFormatException: uC
at org.mortbay.util.TypeUtil.parseInt(TypeUtil.java:345)
at org.mortbay.util.URIUtil.decodePath(URIUtil.java:197)
at org.mortbay.jetty.Request.getCookies(Request.java:416)
at org.mortbay.jetty.servlet.SessionHandler.setRequestedId(SessionHandler.java:225)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:135)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:206)
at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:324)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:829)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:514)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:450)
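
To tell this symptom apart from any other NumberFormatException in the log, the following added example (not Atlassian's code) matches the innermost frames of the trace above. The function names and the sample lines are constructed for illustration.

```python
import re

# Log entry header: "timestamp LEVEL [thread] ..."; other lines continue the entry.
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \w+ \[([^\]]+)\]")
FRAME = re.compile(r"^at ([\w.$]+)\(")
# Innermost four frames of the trace shown in this article.
SIGNATURE = [
    "org.mortbay.util.TypeUtil.parseInt",
    "org.mortbay.util.URIUtil.decodePath",
    "org.mortbay.jetty.Request.getCookies",
    "org.mortbay.jetty.servlet.SessionHandler.setRequestedId",
]
# Constructed sample: the article's entry (trimmed) and an unrelated NumberFormatException.
SAMPLE = """\
2009-03-31 10:57:43,867 ERROR [btpool0-71] org.mortbay.log sun.reflect.GeneratedMethodAccessor991-invoke - EXCEPTION
java.lang.NumberFormatException: uC
at org.mortbay.util.TypeUtil.parseInt(TypeUtil.java:345)
at org.mortbay.util.URIUtil.decodePath(URIUtil.java:197)
at org.mortbay.jetty.Request.getCookies(Request.java:416)
at org.mortbay.jetty.servlet.SessionHandler.setRequestedId(SessionHandler.java:225)
2009-03-31 11:02:10,120 ERROR [btpool0-12] com.example.Importer - bad input
java.lang.NumberFormatException: For input string: "abc"
at java.lang.Integer.parseInt(Integer.java:447)
""".splitlines()

def split_entries(lines):
    """Attach exception and stack-frame lines to the header line that precedes them."""
    entries = []
    for line in lines:
        m = ENTRY.match(line)
        if m:
            entries.append({"time": m.group(1), "thread": m.group(2), "body": []})
        elif entries and line.strip():
            entries[-1]["body"].append(line.strip())
    return entries

def matches_signature(entry):
    """True for a NumberFormatException whose innermost frames equal SIGNATURE."""
    body = entry["body"]
    if not body or not body[0].startswith("java.lang.NumberFormatException"):
        return False
    frames = [m.group(1) for m in map(FRAME.match, body[1:]) if m]
    return frames[:len(SIGNATURE)] == SIGNATURE

def find_cookie_parse_errors(lines):
    return [(e["time"], e["thread"]) for e in split_entries(lines) if matches_signature(e)]

if __name__ == "__main__":
    print(find_cookie_parse_errors(SAMPLE))
```

Each returned pair is the timestamp and thread of a matching entry, which can be lined up with the times users reported their account changing.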

Cause

The NumberFormatException is raised by Jetty's cookie processing and is a symptom of this issue. FE-1369 has been raised on the Atlassian bug tracking system to upgrade the version of Jetty bundled with Fisheye.

Resolution

Upgrade to a later Fisheye version to pick up the fixes from FE-1369.

Last modified on Jul 31, 2018
