Problem:

Users are frequently logged out from the Atlassian application after some time of inactivity.


Solution:

There are a few possible reasons/solutions for this:

  1. The session timeout defines the duration of inactivity of the session and there is a default configured value for it. If this is not the desired interval, the session timeout value could be adjusted in the web.xml file. 
    web.xml file is usually located in the following path:

    • Jira: <JIRA_INSTALL>/atlassian-jira/WEB-INF/web.xml
    • Confluence: <CONFLUENCE_INSTALL>/confluence/WEB-INF/web.xml
    • Bitbucket: <BITBUCKET_INSTALL>/conf/web.xml
    • Bamboo: <BAMBOO_INSTALL>/atlassian-bamboo/WEB-INF/web.xml
    • Fisheye-Crucible: <FishEye home directory>/content/WEB-INF/web.xml

    Find this element and adjust the value. Please note that this value is specified in minutes.

    web.xml
    <session-config>
    	<session-timeout>60</session-timeout>
    </session-config>
  2. You can use the SAML SSO RememberMe Cookie functionality. By enabling this functionality, a browser cookie (that is valid for 20 days) is created after a SSO login, which keeps the users logged in until they manually log out, which would remove the cookie.
    However, please note that this behaviour contradicts to the idea of SAML SSO, and should only be activated if required (e.g. in case the IdP cannot handle the amount of login requests).

    To enable it:
    • Go to the SAML Single Sign On plugin configuration page
    • Go to Advanced in the middle panel
    • Under Logged in Behavior section, mark the checkbox Set RememberMe Cookie 


  3. There were a few cases where the Atlassian Bot Killer plugin was terminating sessions early. We have not been able to reproduce what is causing the issue so far, and the majority of our customers who are using Bot Killer are able to use it without any problem. 
    Disabling the Bot Killer plugin could be a workaround/solution if it's causing issues with the sessions termination.