Are JIRA/Crowd User Sessions Refreshed by Activity?

From what I can tell, user session cookies only contain data about when the session was created.  In my mind, that means a user session will expire after whatever time is set in Session Config > Session timeout (Crowd) or the default session setting in web.xml (JIRA).  The session is not refreshed by user activity.   So, if a user logs into JIRA via a Crowd account at 10am, and the Session timeout in Crowd is set to 60 minutes, the user will be logged out at 11am, regardless of whether they've been actively using JIRA all that time.

Is that a correct understanding?

1 answer

That's not correct. Each time that the token is validated, its lifetime it's extended.

Tokens expire after a given time has passed since the last time they were validated, not since they were created.

Diego is there any configurable options that could change this behaviour. I want to force expired user session after amount of time, no meeter if the user was active this time or not? 

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

3,317 views 14 20
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot