Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-54142

Session Timeout not respected in Confluence in Tomcat web.xml file

    XMLWordPrintable

Details

    Description

      Appears related to : CONFSERVER-40129 - Session timeout never occurred in Data Center.

      Summary

      Session timeout never occurs in Confluence as configured within the <confluence-install>/confluence/WEB-INF/web.xml file as it should as documented within How to adjust the session timeout for Confluence

      Aside from Confluence Data Center, This has also been confirmed to affect Confluence server standalone.

      Steps to Reproduce

      1. Stop Confluence
      2. Change <confluence_install>/confluence/WEB-INF/web.xml on each node as follows (Set session-timeout to 1 min):
        <session-config>
          <session-timeout>1</session-timeout>
        </session-config>
        
      1. Start Confluence

      Expected Results

      Session timeout should occur in 1 minute within the user session/web browser.

      Actual Results

      Session timeout never occurs, and the user remains logged into the application.

      Workaround

      Option 1:

      Configure the maximum age of the 'remember me' cookie per: Confluence Cookies by the following methods:

      1. Edit <confluence_install>/confluence/WEB-INF/classes/seraph-config.xml and add:
        <!-- session-timeout remember-me cookie timer -->
        <init-param>
        	<param-name>autologin.cookie.age</param-name>
        	<param-value>1800</param-value><!-- 30 minutes in seconds -->
        </init-param>
        
      1. Implementing this on all nodes, then restarting the whole cluster seems to force the session-timeout to work as expected.

      Option 2:

      Disable the automatic remember me on DC clusters, this allows the end user to decide to have a Tomcat short session or Seraph long session but the user may need to login in again on a new node.

      1. Stop Confluence
      2. Go to Confluence installation directory
      3. Locate the <CONFLUENCE-INSTALLATION>/confluence/login.vm file and make a backup copy
      4. Edit the file
      5. Locate the following section of code:
        #if ($action.shouldRememberMeCheckboxBeOmitted())
            <input type="hidden" name="os_cookie" value="true"/>
        #else
            #bodytag( "Component" "label='remember.accesskey'" "name='os_cookie'" "value='false'" "theme='aui'" "template='onofflist.vm'") #end
        #end
        
      1. Modify the above code as follows
        #bodytag( "Component" "label='remember.accesskey'" "name='os_cookie'" "value='false'" "theme='aui'" "template='onofflist.vm'") #end
        
      1. Save the file and restart Confluence
      2. Repeat the above steps each time you install a new version of Confluence

      Attachments

        Issue Links

          Activity

            People

              zxu2@atlassian.com Zac Xu
              jwyllys Justin W.
              Votes:
              13 Vote for this issue
              Watchers:
              31 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: