-
Bug
-
Resolution: Fixed
-
Medium
-
5.2.1, 5.2.3, 6.0.3
-
5.02
-
Expected behavior
1. On first request : The target max inactivity timeout value is 60 seconds
- If there is an authenticated user then the target max inactivity timeout value is bumped to 10 minutes
- The original max inactivity timeout is stored inside the session itself
- The new target value is set as the max inactivity timeout on the session
2. On the subsequent request :
- The original max inactivity timeout is restored (likely to be about 5 hours depending on tomcat setup)
3. So if a 2nd request is posted within the 1 - 10 minutes mark, then the session expands to full life time.
Problem faced
Session is not terminated even if only 1 request created (supposedly it should be deleted after 60 seconds). Curl command as below is used:
curl -u rest:rest http://localhost:8523/rest/auth/1/session
After 10 minutes, session is still not deleted although no activity is performed under this session.
- is related to
-
JRASERVER-27047 JIRA creates sessions for "stateless" requests
- Closed
-
JRASERVER-27050 JIRA creates sessions for crawlers/bots
- Closed