Are JIRA/Crowd User Sessions Refreshed by Activity?

From what I can tell, user session cookies only contain data about when the session was created.  In my mind, that means a user session will expire after whatever time is set in Session Config > Session timeout (Crowd) or the default session setting in web.xml (JIRA).  The session is not refreshed by user activity.   So, if a user logs into JIRA via a Crowd account at 10am, and the Session timeout in Crowd is set to 60 minutes, the user will be logged out at 11am, regardless of whether they've been actively using JIRA all that time.

Is that a correct understanding?

1 answer

0 votes

That's not correct. Each time that the token is validated, its lifetime it's extended.

Tokens expire after a given time has passed since the last time they were validated, not since they were created.

Diego is there any configurable options that could change this behaviour. I want to force expired user session after amount of time, no meeter if the user was active this time or not? 

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Sep 25, 2018 in Jira

Atlassian Research Workshop opportunity on Sep. 28th in Austin, TX

We're looking for participants for a workshop at Atlassian! We need Jira admins who have interesting custom workflows, issue views, or boards. Think you have a story to sha...

442 views 7 5
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you