Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
Users frequently logged out
Problem
Users are frequently logged out from the Atlassian Data Center or Server application after some time of inactivity.
Solution
Adjusting the Session Timeout
The session timeout defines the duration of inactivity of the session and there is a default configured value for it. If this is not the desired interval, the session timeout value could be adjusted in the web.xml file.
The file is usually located in the following path:
- Jira Server & Data Center: <JIRA_INSTALL>/atlassian-jira/WEB-INF/web.xml
- Confluence Server & Data Center: <CONFLUENCE_INSTALL>/confluence/WEB-INF/web.xml
- Bitbucket Server & Data Center: <BITBUCKET_INSTALL>/conf/web.xml
- Bamboo Server: <BAMBOO_INSTALL>/atlassian-bamboo/WEB-INF/web.xml
- Fisheye-Crucible: <FishEye home directory>/content/WEB-INF/web.xml
Find the below element and adjust its value (specified in minutes)
web.xml
<session-config>
<session-timeout>60</session-timeout>
</session-config>In Bitbucket this is handled differently:
Bitbucket Server 5.0
Starting with Bitbucket Server 5.0+, the configuration in web.xml is no longer used, and all changes are read from bitbucket.properties.
Setting server.session.timeout=1800 in bitbucket.properties will adjust the default session timeout. This value is set in seconds.
Using the Atlassian RememberMe Cookie
You can use the SAML SSO RememberMe Cookie functionality. By enabling this functionality, a browser cookie (valid for 20 days) is created after an SSO login. This keeps the users logged in until they manually log out, which would remove the cookie.
However, please note that this contradicts the idea of SAML SSO, and should only be activated if required (e.g. in case the IdP cannot handle the number of login requests).
To enable it:
- Go to the SAML Single Sign-On configuration page
- Go to Advanced in the middle panel
- Under Logged in Behavior section, mark the checkbox Set RememberMe Cookie
There were a few cases where the Atlassian Bot Killer plugin was terminating sessions early but that issue has been worked fixed a while ago by us implementing a workaround.
Disabling the Bot Killer plugin could be a workaround if it's causing issues with the sessions being terminated, but again, it's rather unlikely to still happen.
Atlassian Bug Reference: https://jira.atlassian.com/browse/JRASERVER-70574