It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

JIRA admin session prompt is asking to re-authenticate to frequently

RS May 22, 2013

When I'm logged in as a JIRA admin user and I try to do something "adminey" I get a pop-up with:

"If you were sent to this page from a link obtained from an untrusted source please proceed with caution or validate the link source before continuing."

"You have requested access to an administrative function in JIRA and are required to validate your credentials below."

...asking me to re-authenticate.

It wouldn't be a problem if the re-authenticate session timeout were long enough, but it's only a few seconds. I am constantly presented with that pop-up for each admin action.

After some digging I found this:

https://confluence.atlassian.com/display/JIRA044/Configuring+Secure+Administrator+Sessions

I'm confused because the default timeout is suppose to be 10 minutes and I'm seeing around 10 seconds. Has anyone seen this before?

Info:

Using jira-5.2.9 with Crowd SSO on the same Linux box running in seperate JREs

2 answers

1 accepted

0 votes
Answer accepted
Zulfadli Noor Sazali Atlassian Team May 22, 2013

This is more towards the Secure Administrators Sessions instead of the timeout session for administrators. As quoted

password confirmation before accessing administration functions

RS May 22, 2013

That's the same article I'm referring too. It's not the fact that JIRA propts for a secure session that's a problem, it's the session timeout. From the article:

"The temporary secure session has a rolling timeout (defaulted to 10 minutes). If there is no activity by the administrator in the JIRA administration screens for a period of time that exceeds the timeout, then the administrator will be logged out of the secure administrator session (note that they will remain logged into JIRA). If the administrator does click an administration function, the timeout will reset."

It seems like my rolling timeout is only about 10 seconds, if that. Before I go creating the jira-config.properties file and overriding the default timeout I'd like to understand why I'm not seeing the documented default timout of 10 minutes.

Zulfadli Noor Sazali Atlassian Team May 22, 2013

I got what you mean now, thanks for the explanation. I tried to do a couple of test, (although I do have the problem previously) I can't reproduce. :( The jira-config.properties did work during my testing for jira.websudo.is.disabled = true

RS May 23, 2013

I created the file jira-config.properties in the jira home directory and added the line

jira.websudo.is.disabled = true

After restarting JIRA I do not get the JIRA secure sessions pop-up anymore.

I wish I knew why the 10 minute default sesstion timeout was not working though.

Thanks for the help

Justin Leader Jan 26, 2014

I agree that I see this kind of behavior in JIRA installs big and small.

Manuel Ruiz Mar 04, 2014

We are having the same problem.

5 votes
Azfar Masut Feb 03, 2016

When multiple applications are configured on the same domain with separate ports, users will be constantly logged out of each application as the {{SESSION_COOKIE_NAME}} is identical.

This is due to the Tomcat configuration. Please alter the default bundled Tomcat 7 config so that it has a unique JIRA session cookie by modifying the {{$JIRA_INSTALL/conf/context.xml}} to the following (or something similar):

{code:xml}
<Context sessionCookieName ="JIRASESSIONID">
{code}

This will prevent users from getting into this problem in the first place.

Additional workarounds can be found within User is Constantly Logged out of JIRA.

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published in Next-gen

Introducing subtasks for breaking down work in next-gen projects

Teams break work down in order to help simplify complex tasks. This is often done iteratively, with tasks being broken down into smaller tasks and so on until the work is accurately captured in well-...

12,578 views 62 59
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you