SonarQube logs me out on any save operation

I recently installed SonarQube on Ubuntu 16. I confirmed in my installed Eval system under Administration>System matches the license Key I was given. What I am now seeing that the SonarQube web app logs me out whenever I try to do something that creates an object or saves something like the license key. This includes trying to create a project or connect to github. I checked all possible logs, including sonar, web, nginx, postgres, and elasticsearch and they all look fine and healthy. Has anyone seen this logout problem immediately after installation and configuration of SonarQube? If feel like it’s hitting an unhandled exception that does not show up in any of the logs.

Hi @normmkatz1,

In order to investigate what’s going on you need to active the DEBUG logs :

  • Go to Administration > System
  • Change the logs level to DEBUG
  • Do any operation that logs you out and check logs/web.log

Julien Lancelot

When I tried to change the level to DEBUG, I got this red error: The request cannot be processed. Try again later.
The access log indicated a 401. Domain and port redacted for security. - - [16/Apr/2019:18:44:02 +0000] “POST /api/system/change_log_level HTTP/1.0” 401 - “http://mydomain:myport/admin/system?expand=System” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36” “AWoU7jbNdowEyK2dAABu” - - [16/Apr/2019:18:44:02 +0000] “GET /js/350.m.f884ee85.chunk.js HTTP/1.0” 200 561 “http://mydomain:myport/admin/system?expand=System” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36” “AWoU7jbNdowEyK2dAABv” - - [16/Apr/2019:18:44:02 +0000] “GET /api/users/identity_providers HTTP/1.0” 200 24 “http://mydomain:myport/sessions/new?return_to=%2Fadmin%2Fsystem%3Fexpand%3DSystem” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36” “AWoU7jbNdowEyK2dAABw”

I updated log level to DEBUG in and restarted. Now seeing this in web.log:
2019.04.16 19:31:01 DEBUG web[AWonoQnkRQ6xbFJgAAAm][auth.event] login failure [cause|Wrong CSFR in request][method|JWT][provider|LOCAL|local][IP||][login|admin]

The error log you’ve reported says “Wrong CSFR in request” : it seems you’re proxy prevent the CSFR cookie to be returned from the server to the web navigator.
Could you please check your proxy configuration ?

I haven’t installed any kind of proxy. Just using nginx web server. I’ll have to search to see if there’s some setting in their config preventing this.

The problem probably comes from the nginx configuration. You can find documentation here: Please come back to us if the configuration snippet should be completed.


I have the same issue:

2019.05.03 18:35:37 DEBUG web[AWqADWxn4X3fgk8IAAAS][auth.event] login failure [cause|Wrong CSFR in request][method|JWT][provider|LOCAL|local][IP|0:0:0:0:0:0:0:1|][login|admin]

I’m using the NT Service in Windows 10 accesing with Chrome to http://localhost:9000/, version 7.7

In every Post operation I get logout.

I get this in Chrome | F12 | Network:

1. Request URL:


  2. Request Method:


  3. Status Code:


  4. Remote Address:


  5. Referrer Policy:


1. Response Headersview source

  1. Content-Length:


  2. Date:

Fri, 03 May 2019 23:44:17 GMT

  3. X-Content-Type-Options:


  4. X-Frame-Options:


  5. X-XSS-Protection:

1; mode=block

2. Request Headersview source

  1. Accept:


  2. Accept-Encoding:

gzip, deflate, br

  3. Accept-Language:


  4. Cache-Control:


  5. Connection:


  6. Content-Length:


  7. Content-Type:


  8. Cookie:


SL_G_WPT_TO=es; SL_GWPT_Show_Hide_tmp=undefined; SL_wptGlobTipTmp=undefined; ASP.NET_SessionId=1jlwaaijjbblzrwksdhxq5wh; bxs=1=BXC05.00.00.00:G/xMR01CA126Y11Z30yt21VNWf9lPPFsobOX3siPDqYOKnjWa1OZ4jHfwjYddJG7/zOxcDrfu9n3kbFH2ytk6iFRopIG9u7A==&2=12&3=U=14; JWT-SESSION=eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiJBV3FBRlZONGExcTNaRk5qR0hSViIsInN1YiI6ImFkbWluIiwiaWF0IjoxNTU2OTI3MDQyLCJleHAiOjE1NTcxODYyNDIsImxhc3RSZWZyZXNoVGltZSI6MTU1NjkyNzA0MjQyNCwieHNyZlRva2VuIjoiazJrOG04NzlmbG11cmdqbmZhaG10YWE5NzQifQ.5Kb6YUNsHxt3yWWmznH0kFzC-mxY0_pWZCo6ziwLjsY

  9. Host:


  10. Origin:


  11. Pragma:


  12. Referer:


  13. User-Agent:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

3. Form Dataview sourceview URL encoded

  1. login:


  2. name:


  3. password:


  4. (empty)

Any suggestions?


Ok, I’ve found the answer, the cookies must have something wrong, I delete all cookies and re login again and it works, cookies now are:


SL_G_WPT_TO=es; SL_GWPT_Show_Hide_tmp=undefined; 
SL_wptGlobTipTmp=undefined; XSRF-TOKEN=vlir8h79v3vv0dskc4clgtg32a; 

And it works.

Ok, thanks for letting us how you’ve fixed this issue !

I saw the same Wrong CSRF token message in my logs.

In my case I had to remove HTTPOnly from proxy_cookie_path in my nginx configuration. I am using https and only needed Secure. Note that you have to clear old cookies from your browser after updating nginx.

More info here


@ashokgadeking your response helped my problem, thank you very much!

1 Like