It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

JIRA admin session prompt is asking to re-authenticate to frequently

When I'm logged in as a JIRA admin user and I try to do something "adminey" I get a pop-up with:

"If you were sent to this page from a link obtained from an untrusted source please proceed with caution or validate the link source before continuing."

"You have requested access to an administrative function in JIRA and are required to validate your credentials below."

...asking me to re-authenticate.

It wouldn't be a problem if the re-authenticate session timeout were long enough, but it's only a few seconds. I am constantly presented with that pop-up for each admin action.

After some digging I found this:

I'm confused because the default timeout is suppose to be 10 minutes and I'm seeing around 10 seconds. Has anyone seen this before?


Using jira-5.2.9 with Crowd SSO on the same Linux box running in seperate JREs

2 answers

1 accepted

0 votes
Answer accepted

This is more towards the Secure Administrators Sessions instead of the timeout session for administrators. As quoted

password confirmation before accessing administration functions

That's the same article I'm referring too. It's not the fact that JIRA propts for a secure session that's a problem, it's the session timeout. From the article:

"The temporary secure session has a rolling timeout (defaulted to 10 minutes). If there is no activity by the administrator in the JIRA administration screens for a period of time that exceeds the timeout, then the administrator will be logged out of the secure administrator session (note that they will remain logged into JIRA). If the administrator does click an administration function, the timeout will reset."

It seems like my rolling timeout is only about 10 seconds, if that. Before I go creating the file and overriding the default timeout I'd like to understand why I'm not seeing the documented default timout of 10 minutes.

I got what you mean now, thanks for the explanation. I tried to do a couple of test, (although I do have the problem previously) I can't reproduce. :( The did work during my testing for = true

I created the file in the jira home directory and added the line = true

After restarting JIRA I do not get the JIRA secure sessions pop-up anymore.

I wish I knew why the 10 minute default sesstion timeout was not working though.

Thanks for the help

I agree that I see this kind of behavior in JIRA installs big and small.

We are having the same problem.

When multiple applications are configured on the same domain with separate ports, users will be constantly logged out of each application as the {{SESSION_COOKIE_NAME}} is identical.

This is due to the Tomcat configuration. Please alter the default bundled Tomcat 7 config so that it has a unique JIRA session cookie by modifying the {{$JIRA_INSTALL/conf/context.xml}} to the following (or something similar):

<Context sessionCookieName ="JIRASESSIONID">

This will prevent users from getting into this problem in the first place.

Additional workarounds can be found within User is Constantly Logged out of JIRA.

Suggest an answer

Log in or Sign up to answer

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you