Problem:

Users are frequently logged out from the Atlassian Data Center or Server application after some time of inactivity.


Solution:

There are a few possible reasons/solutions for this:

  1. The session timeout defines the duration of inactivity of the session and there is a default configured value for it. If this is not the desired interval, the session timeout value could be adjusted in the web.xml file. 
    web.xml file is usually located in the following path:

    • Jira Server & Data Center: <JIRA_INSTALL>/atlassian-jira/WEB-INF/web.xml
    • Confluence Server & Data Center: <CONFLUENCE_INSTALL>/confluence/WEB-INF/web.xml
    • Bitbucket Server & Data Center: <BITBUCKET_INSTALL>/conf/web.xml
    • Bamboo Server: <BAMBOO_INSTALL>/atlassian-bamboo/WEB-INF/web.xml
    • Fisheye-Crucible: <FishEye home directory>/content/WEB-INF/web.xml

    Find this element and adjust the value. Please note that this value is specified in minutes.

    web.xml

    <session-config>
    	<session-timeout>60</session-timeout>
    </session-config>
    XML
    1. Bitbucket Server 5.0

      Starting with Bitbucket Server 5.0+, the configuration in web.xml is no longer used, and all changes are read from bitbucket.properties.

      Setting server.session.timeout=1800 in bitbucket.properties will adjust the default session timeout. This value is set in seconds.

  2. You can use the SAML SSO RememberMe Cookie functionality. By enabling this functionality, a browser cookie (that is valid for 20 days) is created after a SSO login, which keeps the users logged in until they manually log out, which would remove the cookie.
    However, please note that this contradicts  the idea of SAML SSO, and should only be activated if required (e.g. in case the IdP cannot handle the amount of login requests).

    To enable it:
    • Go to the SAML Single Sign On plugin configuration page
    • Go to Advanced in the middle panel
    • Under Logged in Behavior section, mark the checkbox Set RememberMe Cookie 


  3. There were a few cases where the Atlassian Bot Killer plugin was terminating sessions early. We have not been able to reproduce what is causing the issue so far, and the majority of our customers who are using Bot Killer are able to use it without any problem. 
    Disabling the Bot Killer plugin could be a workaround/solution if it's causing issues with the sessions termination.

    Atlassian Bug Reference: https://jira.atlassian.com/browse/JRASERVER-70574