Details
-
Bug
-
Resolution: Not a bug
-
Highest
-
None
-
5.10.8, 6.1.0, 6.2.2, 6.2.4, 6.3.4, 6.15.2, 7.11.0
-
50
-
Severity 2 - Major
-
131
-
Description
Appears related to : CONFSERVER-40129 - Session timeout never occurred in Data Center.
Summary
Session timeout never occurs in Confluence as configured within the <confluence-install>/confluence/WEB-INF/web.xml file as it should as documented within How to adjust the session timeout for Confluence
Aside from Confluence Data Center, This has also been confirmed to affect Confluence server standalone.
Steps to Reproduce
- Stop Confluence
- Change <confluence_install>/confluence/WEB-INF/web.xml on each node as follows (Set session-timeout to 1 min):
<session-config> <session-timeout>1</session-timeout> </session-config>
- Start Confluence
Expected Results
Session timeout should occur in 1 minute within the user session/web browser.
Actual Results
Session timeout never occurs, and the user remains logged into the application.
Workaround
Option 1:
Configure the maximum age of the 'remember me' cookie per: Confluence Cookies by the following methods:
- Edit <confluence_install>/confluence/WEB-INF/classes/seraph-config.xml and add:
<!-- session-timeout remember-me cookie timer --> <init-param> <param-name>autologin.cookie.age</param-name> <param-value>1800</param-value><!-- 30 minutes in seconds --> </init-param>
- Implementing this on all nodes, then restarting the whole cluster seems to force the session-timeout to work as expected.
Option 2:
Disable the automatic remember me on DC clusters, this allows the end user to decide to have a Tomcat short session or Seraph long session but the user may need to login in again on a new node.
- Stop Confluence
- Go to Confluence installation directory
- Locate the <CONFLUENCE-INSTALLATION>/confluence/login.vm file and make a backup copy
- Edit the file
- Locate the following section of code:
#if ($action.shouldRememberMeCheckboxBeOmitted()) <input type="hidden" name="os_cookie" value="true"/> #else #bodytag( "Component" "label='remember.accesskey'" "name='os_cookie'" "value='false'" "theme='aui'" "template='onofflist.vm'") #end #end
- Modify the above code as follows
#bodytag( "Component" "label='remember.accesskey'" "name='os_cookie'" "value='false'" "theme='aui'" "template='onofflist.vm'") #end
- Save the file and restart Confluence
- Repeat the above steps each time you install a new version of Confluence
Attachments
Issue Links
- duplicates
-
-
- Closed
-
- has a derivative of
-
CONFSERVER-66598 Make the 'remember me' feature configurable
- Gathering Interest
- is resolved by
-
- Closed
- mentioned in
-
Page Loading...
-
-
-
-
-
-
-
-
-
-
-
-
-
-