From what I can tell, user session cookies only contain data about when the session was created. In my mind, that means a user session will expire after whatever time is set in Session Config > Session timeout (Crowd) or the default session setting in web.xml (JIRA). The session is not refreshed by user activity. So, if a user logs into JIRA via a Crowd account at 10am, and the Session timeout in Crowd is set to 60 minutes, the user will be logged out at 11am, regardless of whether they've been actively using JIRA all that time.
Is that a correct understanding?
That's not correct. Each time that the token is validated, its lifetime it's extended.
Tokens expire after a given time has passed since the last time they were validated, not since they were created.
Diego is there any configurable options that could change this behaviour. I want to force expired user session after amount of time, no meeter if the user was active this time or not?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.