Just a heads up: On March 24, 2025, starting at 4:30pm CDT / 19:30 UTC, the site will be undergoing scheduled maintenance for a few hours. During this time, the site might be unavailable for a short while. Thanks for your patience.

×
Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

JIRA admin session prompt is asking to re-authenticate to frequently

RS4
RS May 22, 2013

When I'm logged in as a JIRA admin user and I try to do something "adminey" I get a pop-up with:

"If you were sent to this page from a link obtained from an untrusted source please proceed with caution or validate the link source before continuing."

"You have requested access to an administrative function in JIRA and are required to validate your credentials below."

...asking me to re-authenticate.

It wouldn't be a problem if the re-authenticate session timeout were long enough, but it's only a few seconds. I am constantly presented with that pop-up for each admin action.

After some digging I found this:

https://confluence.atlassian.com/display/JIRA044/Configuring+Secure+Administrator+Sessions

I'm confused because the default timeout is suppose to be 10 minutes and I'm seeing around 10 seconds. Has anyone seen this before?

Info:

Using jira-5.2.9 with Crowd SSO on the same Linux box running in seperate JREs

Answer
Watch
Like # people like this
8465 views

2 answers

1 accepted

0 votes
Answer accepted
Zul NS _Atlassian_
Zul NS _Atlassian_
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 22, 2013

This is more towards the Secure Administrators Sessions instead of the timeout session for administrators. As quoted

password confirmation before accessing administration functions

View More Comments
RS4
RS May 22, 2013

That's the same article I'm referring too. It's not the fact that JIRA propts for a secure session that's a problem, it's the session timeout. From the article:

"The temporary secure session has a rolling timeout (defaulted to 10 minutes). If there is no activity by the administrator in the JIRA administration screens for a period of time that exceeds the timeout, then the administrator will be logged out of the secure administrator session (note that they will remain logged into JIRA). If the administrator does click an administration function, the timeout will reset."

It seems like my rolling timeout is only about 10 seconds, if that. Before I go creating the jira-config.properties file and overriding the default timeout I'd like to understand why I'm not seeing the documented default timout of 10 minutes.

Like
Zul NS _Atlassian_
Zul NS _Atlassian_
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 22, 2013

I got what you mean now, thanks for the explanation. I tried to do a couple of test, (although I do have the problem previously) I can't reproduce. :( The jira-config.properties did work during my testing for jira.websudo.is.disabled = true

Like
RS4
RS May 23, 2013

I created the file jira-config.properties in the jira home directory and added the line

jira.websudo.is.disabled = true

After restarting JIRA I do not get the JIRA secure sessions pop-up anymore.

I wish I knew why the 10 minute default sesstion timeout was not working though.

Thanks for the help

Like
Justin Leader6
Justin Leader
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 26, 2014

I agree that I see this kind of behavior in JIRA installs big and small.

Like
Manuel Ruiz3
Manuel Ruiz
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
March 4, 2014

We are having the same problem.

Like
Kevin Mote
Kevin Mote
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 25, 2014

Related issue: https://answers.atlassian.com/questions/92569/administrator-access

Like
Reply
6 votes
Azfar Masut
Azfar Masut
Contributor
February 3, 2016

When multiple applications are configured on the same domain with separate ports, users will be constantly logged out of each application as the {{SESSION_COOKIE_NAME}} is identical.

This is due to the Tomcat configuration. Please alter the default bundled Tomcat 7 config so that it has a unique JIRA session cookie by modifying the {{$JIRA_INSTALL/conf/context.xml}} to the following (or something similar):

{code:xml}
<Context sessionCookieName ="JIRASESSIONID">
{code}

This will prevent users from getting into this problem in the first place.

Additional workarounds can be found within User is Constantly Logged out of JIRA.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Upcoming Jira Events