Hello,
I'm using a standalone Confluence-3.5.5 and on almost every action I do, login is required. This is a little bit boring :)
Can someone help me and indicate how to configure this ?
Thanks in advance
Ticker
Found it !
There's an option in $CONFLUENCE_HOME/confluence/WEB-INF/classes/seraph-config.xml :
<!-- Invalidate session on login to prevent session fixation attack --> <init-param> <param-name>invalidate.session.on.login</param-name> <param-value>true</param-value> </init-param>
If you change the parameter value to false, it solves the problem :) We haven't this on our enterprise Confluence because we are using Crowd : the seraph config files are by-passed.
Hope this helps
Ticker
I've experienced something similar before on restrictive company networks.
Is this a hosted environment? Do you have a particularly restrictive networking in your company? If so, maybe Privoxy may be able to help you track down problem calls that your network blocks.
Do you have a secure network gateway that is invalidating sessions?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi David,
The standalone instance of Confluence is installed on my machine (Windows XP) and I access it locally. So it could not be a network problem. But I think you're right : something is invalidating my session...
Thanks for your answer
Ticker
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.