Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 6.0.4, 6.1-OD-03
Affects Version/s: 5.2.1, 5.2.3, 6.0.3
Component/s: REST API
Labels:

Introduced in Version:
5.02
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

This issue deals with how JIRA manages session requests to the REST/SOAP API.
The related issue ~~JRA-27050~~ deals with session management for web Crawlers.
The related issue ~~JRA-27047~~ deals with session management for stateless requests to the REST/SOAP API.

Expected behavior

1. On first request : The target max inactivity timeout value is 60 seconds

If there is an authenticated user then the target max inactivity timeout value is bumped to 10 minutes
The original max inactivity timeout is stored inside the session itself
The new target value is set as the max inactivity timeout on the session

2. On the subsequent request :

The original max inactivity timeout is restored (likely to be about 5 hours depending on tomcat setup)

3. So if a 2nd request is posted within the 1 - 10 minutes mark, then the session expands to full life time.

Problem faced

Session is not terminated even if only 1 request created (supposedly it should be deleted after 60 seconds). Curl command as below is used:

curl -u rest:rest http://localhost:8523/rest/auth/1/session

After 10 minutes, session is still not deleted although no activity is performed under this session.

Attachments

Issue Links

is related to

JRASERVER-27047 JIRA creates sessions for "stateless" requests

Closed

JRASERVER-27050 JIRA creates sessions for crawlers/bots

Closed

Activity

People

Assignee:: Eric Dalgliesh

Reporter:: Chung Park Chan

Votes:: 1 Vote for this issue

Watchers:: 10 Start watching this issue

Dates

Created:: 16/Jan/2013 8:52 AM

Updated:: 28/Mar/2019 12:09 AM

Resolved:: 09/Jul/2013 12:18 AM