Summary

Confluence won't respect the session timeout in web.xml if the user has an editor open. Essentially, you can set the session timeout to 1 minute, and an inactive user viewing a page will be kicked out after one minute. However, if that user has the editor open for a page, that user's session seems to stay active as long as the editor is open. Happens with Collaborative editing off and on.

May be related to CONFSERVER-54142 (though the seraph-config.xml workaround does not fix this issue)

Steps to Reproduce

1. Set session timeout to 1 minute in web.xml and restart Confluence (How to adjust the session timeout for Confluence)
2. Log in and open the editor on a page and wait.

Expected Results

User is logged out after 1 minute.

Actual Results

The user is not logged out and remains logged in beyond 20 minutes longer. The same user is logged out after 1 minute if the editor is not open.