I have been looking into a login issue at my company. Users are getting logged out from the REST endpoint sooner than what is configured (5 hours) using cookies.
In web.xml we have:
<session-config>
<session-timeout>300</session-timeout>
</session-config>
For testing I have been using curl.
command and output to login:
curl -k -vv -X POST -H "content-type: application/json" -d "{ \"username\": \"myusername\", \"password\": \"mypassword\" }" https://jirainstance/rest/auth/latest/session
* Hostname was NOT found in DNS cache
* Trying X.X.X.X...
* Connected to jirainstance (X.X.X.X) port XXXX (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* SNIP - CERT INFO
> POST /rest/auth/latest/session HTTP/1.1
> User-Agent: curl/7.36.0
> Host: jirainstance
> Accept: */*
> content-type: application/json
> Content-Length: 60
>
* upload completely sent off: 60 out of 60 bytes
< HTTP/1.1 200
< X-AREQUESTID: 579x3299294x1
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< Content-Security-Policy: frame-ancestors 'self'
< X-ASEN: SEN-213799
< Set-Cookie: atlassian.xsrf.token=idHere|lout;path=/;Secure
< X-AUSERNAME: anonymous
< Set-Cookie: JSESSIONID=jiraSessionIDHere;path=/;Secure;HttpOnly
< X-Seraph-LoginReason: OK
< Cache-Control: no-cache, no-store, no-transform
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Fri, 24 May 2019 16:39:29 GMT
<
{"session":{"name":"JSESSIONID","value":"jiraSessionIDHere"},"loginInfo":{"failedLoginCount":12,"loginCount":9925,"lastFailedLoginTime":"2019-03-29T16:36:00.303-0700","previousLoginTime":"2019-05-24T09:16:17.181-0700"}}
* Connection #0 to host jirainstance left intact
command and output for successful login check:
curl -k -vv -b "JSESSIONID=jiraSessionIDHere;" https://jirainstance/rest/auth/latest/session
* Hostname was NOT found in DNS cache
* Trying X.X.X.X...
* Connected to lithjira.wbiegames.com (10.101.17.64) port 8443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* SNIP - CERT INFO
> GET /rest/auth/latest/session HTTP/1.1
> User-Agent: curl/7.36.0
> Host: jirainstance
> Accept: */*
> Cookie: JSESSIONID=jiraSessionIDHere;
>
< HTTP/1.1 200
< X-AREQUESTID: 580x3299343x1
< X-ASESSIONID: b66yiq
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< Content-Security-Policy: frame-ancestors 'self'
< X-ASEN: SEN-213799
< X-Seraph-LoginReason: OK
< Set-Cookie: atlassian.xsrf.token=idHere;path=/;Secure
< X-AUSERNAME: myusername
< Cache-Control: no-cache, no-store, no-transform
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Fri, 24 May 2019 16:40:19 GMT
<
{"self":"https://jirainstance/rest/api/latest/user?username=myusername","name":"myusername","loginInfo":{"failedLoginCount":12,"loginCount":9925,"lastFailedLoginTime":"2019-03-29T16:36:00.303-0700","previousLoginTime":"2019-05-24T09:16:17.181-0700"}}
* Connection #0 to host jirainstance left intact
command and output for failure:
curl -k -vv -b "JSESSIONID=jiraSessionIDHere;" https://jirainstance/rest/auth/latest/session
* Hostname was NOT found in DNS cache
* Trying X.X.X.X...
* Connected to lithjira.wbiegames.com (10.101.17.64) port 8443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* SNIP - CERT INFO
> GET /rest/auth/latest/session HTTP/1.1
> User-Agent: curl/7.36.0
> Host: jirainstance
> Accept: */*
> Cookie: JSESSIONID=jiraSessionIDHere;
>
< HTTP/1.1 401
< X-AREQUESTID: 828x3355952x1
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< Content-Security-Policy: frame-ancestors 'self'
< X-ASEN: SEN-213799
< Set-Cookie: atlassian.xsrf.token=idHere;path=/;Secure
< X-AUSERNAME: anonymous
< Cache-Control: no-cache, no-store, no-transform
< WWW-Authenticate: OAuth realm="https%3A%2F%2Fjirainstance%3A8443"
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Fri, 24 May 2019 20:48:56 GMT
<
{"errorMessages":["You are not authenticated. Authentication required to perform this operation."],"errors":{}}
* Connection #0 to host jirainstance left intact
The login seems to last for at least a few hours but never as long as what is configured. Any ideas what might be going on here?
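A small measurement harness for the checks described in the question, added here as an example and not part of the original post: it logs in through the same /rest/auth/latest/session endpoint, then either polls the session with only the JSESSIONID cookie until the first 401, or makes a single probe after an idle period. The base URL, username and password are placeholders, and the "expiring server" used for the offline run is a constructed stand-in, not a Jira response. One caveat a practitioner needs before trusting the numbers: the servlet `session-timeout` in web.xml counts inactivity between requests, and every probe is a request, so a cookie that dies under steady polling is being invalidated by something other than that idle timeout; use the single-probe-after-delay path to test the idle timeout itself. TLS verification is on by default; `insecure=True` reproduces the `curl -k` behaviour and belongs only on a test instance.

```python
"""Measure how long a Jira REST session cookie actually survives.

Added example (not from the original post). The Jira URL and credentials
below are placeholders; the FakeClock/expiring probe are constructed
stand-ins so the harness runs without a server.
"""
import json
import ssl
import time
import urllib.error
import urllib.request

SESSION_PATH = "/rest/auth/latest/session"   # endpoint used in the question


def tls_context(insecure=False):
    """Verify the server certificate by default. insecure=True mirrors curl -k
    (no verification) and should only be used against a test instance."""
    ctx = ssl.create_default_context()
    if insecure:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def jira_login(base_url, username, password, ctx=None):
    """POST credentials as JSON; return the JSESSIONID value from the body."""
    body = json.dumps({"username": username, "password": password}).encode()
    req = urllib.request.Request(
        base_url + SESSION_PATH, data=body, method="POST",
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)["session"]["value"]


def make_http_probe(base_url, jsessionid, ctx=None):
    """Return a probe() that GETs the session endpoint with only the JSESSIONID
    cookie: True on 200, False on 401, any other status raises."""
    req = urllib.request.Request(
        base_url + SESSION_PATH,
        headers={"Cookie": f"JSESSIONID={jsessionid}"})

    def probe():
        try:
            with urllib.request.urlopen(req, context=ctx) as resp:
                return resp.status == 200
        except urllib.error.HTTPError as err:
            if err.code == 401:
                return False
            raise
    return probe


def measure_lifetime(probe, interval_s, max_wait_s,
                     clock=time.monotonic, sleep=time.sleep):
    """Poll probe() every interval_s; return seconds elapsed at the first 401,
    or None if the cookie is still accepted when max_wait_s is reached.
    Each probe is a request and so resets the servlet inactivity timer."""
    start = clock()
    while True:
        if not probe():
            return clock() - start
        if clock() - start >= max_wait_s:
            return None
        sleep(interval_s)


def probe_once_after(probe, delay_s, sleep=time.sleep):
    """Leave the session idle for delay_s, then probe exactly once. This is the
    shape needed to test the web.xml idle timeout without touching the session."""
    sleep(delay_s)
    return probe()


def compare_to_config(observed_s, configured_timeout_min):
    """Express an observed lifetime against the configured session-timeout (minutes)."""
    if observed_s is None:
        return {"expired": False, "configured_min": configured_timeout_min}
    observed_min = observed_s / 60
    return {"expired": True, "observed_min": observed_min,
            "configured_min": configured_timeout_min,
            "shortfall_min": configured_timeout_min - observed_min}


# --- constructed offline stand-ins (not Jira behaviour) ---
class FakeClock:
    """Clock whose sleep() advances time instantly, for offline runs."""
    def __init__(self):
        self.t = 0.0

    def now(self):
        return self.t

    def sleep(self, s):
        self.t += s


def make_expiring_probe(now, valid_for_s):
    """Simulated server: the cookie is accepted strictly before valid_for_s."""
    return lambda: now() < valid_for_s


if __name__ == "__main__":
    fc = FakeClock()
    probe = make_expiring_probe(fc.now, 45 * 60)   # simulated 45-minute lifetime
    print(compare_to_config(
        measure_lifetime(probe, 300, 5 * 3600, fc.now, fc.sleep), 300))
    # Against a real instance (placeholder URL and credentials):
    # ctx = tls_context()
    # sid = jira_login("https://jirainstance:8443", "myusername", "mypassword", ctx)
    # real = make_http_probe("https://jirainstance:8443", sid, ctx)
    # print(compare_to_config(measure_lifetime(real, 300, 6 * 3600), 300))
```

Run the polling variant once and the single-probe variant once with a delay a little under and a little over the configured 300 minutes; if the cookie dies well before 300 minutes under polling, the web.xml idle timeout is not what is ending the session, and the next thing to look at is whatever else issues or invalidates the JSESSIONID (a proxy or load balancer in front of Tomcat, or a session limit configured elsewhere).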