The in-memory cache used by Crowd for session tokens expires those tokens after 5 minutes of inactivity, ignoring the session timeout specified in the Crowd Console. To adjust the time-out, you need to alter the file used to configure the cache and restart Crowd.

For Crowd versions prior to 1.4, please add the following entry to the <CROWD>/crowd-webapp/WEB-INF/classes/crowd-ehcache.xml file:

<cache name="com.atlassian.crowd.model.token.Token"
        maxElementsInMemory="50000"
        eternal="true"
        overflowToDisk="false"
        diskPersistent="false"/>

Crowd versions 1.4 to 1.6 need modification of an existing entry in the <CROWD>/crowd-webapp/WEB-INF/classes/crowd-ehcache.xml file. Change eternal to true in the entry below:

<defaultCache
        maxElementsInMemory="10000"
        eternal="true"
        overflowToDisk="false"
        timeToIdleSeconds="300"
        timeToLiveSeconds="300"
        diskPersistent="false"
        diskExpiryThreadIntervalSeconds="120"/>

For Crowd 2.0 the following 2 caches need to be added to the crowd-ehcache.xml

<cache name="com.atlassian.crowd.model.token.Token.random-hash-cache"
        maxElementsInMemory="10000"
        eternal="true"
        overflowToDisk="false"
        diskPersistent="false"
        />

<cache name="com.atlassian.crowd.model.token.Token.identifier-hash-cache"
        maxElementsInMemory="10000"
        eternal="true"
        overflowToDisk="false"
        diskPersistent="false"
        />

For more technical readers: This means that Crowd's internal cache will hold onto the tokens until our token-expiration process removes them, at the time specified in the Crowd Console. Prior to this, the cache would remove the tokens after its default timeout of five minutes.