Our standalone 6.2.1 Jira instance constantly redirects users back to the login screen particularly when an edit operation has just been undertaken. We've had this issue for 2.5 years, the previous version of Jira we used being 5.1.4.

We have added the jira.xsrf.enabled=false setting to the jira-application.properties file, it does't make any difference.

It's not a browser cookies issue as I have checked the cookies before and after being redirected to the login page and they still exist and are current. In addition if I hit refresh on the login page a number of times (sometimes up to a dozen) it will auto-magically log me back in and take me to my home page.

We are getting messages containting the text below in the jira log file:

[jira.web.action.XsrfErrorAction] The security token is missing for 'anonymous'

This issue is particularly painful as the login page redirect can occasionally happen on every 5 to 10 requests. At other times it might not happen for a week.

Any suggestions on where or what to look at?