Confluence: admin session dropped almost immediately

I have installed Confluence standalone 4.1.2, awith a 64bit tomcat on a 64bit JVM, following instructions found on Atlassian documentation.

I have integrated Confluence with Crowd, 2.3.6.

I have configured also SSO. The two are on two different servers, but in the same domain:

server01.localdomain -> Crowd, Jira, Fisheye

server02.localdomain -> Confluence, Bamboo

Everything works fine, I can log in in one of the applications and then going to another one I'm logged. The same, if I logout I am logged out from every application. So SSO is working.

When in Confluence I try to do an action that requires to take administration rights, I insert my password and start compiling a form. But when I submit, I get again the password request form and when I send the form I get an error message telling that the required authentication token was not present and that I have to restart over. I am still logged in, what i loose in the "sudo" priviledges.

If I can complete the operation in a few seconds (under five seconds) everything is ok, but if I wait even more then 5 seconds I cannot complete the operation.

This is blocking, because I cannot even create a new space, the time required to fill the 3 fileds is too much and I loose the "sudo" session.

I have also tried to disable SSO and it does not fix the problem.

I don't have this problem with any other application, even Jira works fine, (in Jira there is the same "sudo" requirement to administer it).

I don't have any error in the logs, both in Crowd and in Confluence.

3 answers

2 votes
Joe Clark Atlassian Team Jan 10, 2012

This is a grey area for us, sorry to say.

If you use the built-in Confluence Crowd SSO Authenticator, then things should work OK:

Unfortunately, if you're using a custom-built SSO Authenticator, then that is a scenario we have deliberately chosen not to support and you will need to disable Confluence's Secure Administrator Sessions feature (aka web sudo). (

I am using the default Confluence SSO authenticator:

<authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/>

Even disabling it and re-enabling the non-SSO authenticator

<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>

I have the same problem.

I disabled the websudo and now it does not ask me for admin login every time I enter an administration page, but I have the same problem: If I try to edit something and I need more than 5 seconds, I get this message:

  • Your session has expired. You may need to re-submit the form or reload the page.

If you use a browser extension like 'edit this cookie' in chrome, you can check the crowd token information when switching tabs between Crowd and the other application tabs to see if the token is different. If it is, it is going to keep knocking you out and means something in the configuration is a miss. Generally the SSO domain but it sounds like you have that working.

But for somewhere to start, check out the information in the cookies and post back

I was having same issue and I found that I was getting session timeout error in google chrome. But it worked in Internet Explorer.

note: We are using SSO.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Dec 18, 2018 in Confluence Cloud

Happy holidays from our team to yours!

Hi Community!  2018 was filled with changes for our team, both big and small, and we've taken a lot of time to both celebrate our wins and recognize areas of improvement. One thing that we're a...

458 views 3 18
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you