JIRA admin session prompt is asking to re-authenticate too frequently

When I'm logged in as a JIRA admin user and I try to do something "adminey" I get a pop-up with:

"If you were sent to this page from a link obtained from an untrusted source please proceed with caution or validate the link source before continuing."

"You have requested access to an administrative function in JIRA and are required to validate your credentials below."

...asking me to re-authenticate.

It wouldn't be a problem if the re-authenticate session timeout were long enough, but it's only a few seconds. I am constantly presented with that pop-up for each admin action.

After some digging I found this:

https://confluence.atlassian.com/display/JIRA044/Configuring+Secure+Administrator+Sessions

I'm confused because the default timeout is supposed to be 10 minutes and I'm seeing around 10 seconds. Has anyone seen this before?

Info:

Using jira-5.2.9 with Crowd SSO on the same Linux box running in separate JREs

2 answers

1 accepted

0 votes
Accepted answer

This is more towards the Secure Administrators Sessions instead of the timeout session for administrators. As quoted

password confirmation before accessing administration functions

That's the same article I'm referring to. It's not the fact that JIRA prompts for a secure session that's a problem, it's the session timeout. From the article:

"The temporary secure session has a rolling timeout (defaulted to 10 minutes). If there is no activity by the administrator in the JIRA administration screens for a period of time that exceeds the timeout, then the administrator will be logged out of the secure administrator session (note that they will remain logged into JIRA). If the administrator does click an administration function, the timeout will reset."

It seems like my rolling timeout is only about 10 seconds, if that. Before I go creating the jira-config.properties file and overriding the default timeout I'd like to understand why I'm not seeing the documented default timeout of 10 minutes.

I got what you mean now, thanks for the explanation. I tried to do a couple of tests (although I did have the problem previously), but I can't reproduce it. :( The jira-config.properties did work during my testing for jira.websudo.is.disabled = true

I created the file jira-config.properties in the jira home directory and added the line

jira.websudo.is.disabled = true

After restarting JIRA I do not get the JIRA secure sessions pop-up anymore.

I wish I knew why the 10 minute default session timeout was not working though.

Thanks for the help

I agree that I see this kind of behavior in JIRA installs big and small.

We are having the same problem.

When multiple applications are configured on the same domain with separate ports, users will be constantly logged out of each application as the {{SESSION_COOKIE_NAME}} is identical.

This is due to the Tomcat configuration. Please alter the default bundled Tomcat 7 config so that it has a unique JIRA session cookie by modifying the {{$JIRA_INSTALL/conf/context.xml}} to the following (or something similar):

{code:xml}
<Context sessionCookieName="JIRASESSIONID">
{code}

This will prevent users from getting into this problem in the first place.

Additional workarounds can be found within User is Constantly Logged out of JIRA.
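An added example, not part of the original answer or of Atlassian's documentation: a small check that reads the `context.xml` of each Tomcat-hosted application on a host and reports which ones end up with the same session cookie name. The host name, ports and XML snippets are constructed sample data, and the check assumes the applications share a context path, so only host and cookie name are compared.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from urllib.parse import urlsplit

# Tomcat uses this name when <Context> has no sessionCookieName attribute.
TOMCAT_DEFAULT_COOKIE = "JSESSIONID"

def session_cookie_name(context_xml: str) -> str:
    """Return the effective session cookie name for a Tomcat context.xml."""
    root = ET.fromstring(context_xml)
    if root.tag != "Context":
        raise ValueError("not a Tomcat <Context> document")
    return root.get("sessionCookieName") or TOMCAT_DEFAULT_COOKIE

def find_collisions(apps: dict) -> dict:
    """Map (hostname, cookie name) -> base URLs that share that cookie.

    Browsers scope cookies by host and path, not by port, so the port is
    deliberately left out of the grouping key.
    """
    groups = defaultdict(list)
    for base_url, context_xml in apps.items():
        host = urlsplit(base_url).hostname
        groups[(host, session_cookie_name(context_xml))].append(base_url)
    return {key: sorted(urls) for key, urls in groups.items() if len(urls) > 1}

# Constructed sample: two applications on one host, different ports,
# both left on the default session cookie name.
BEFORE = {
    "http://apps.example.internal:8080/": "<Context><Manager pathname=''/></Context>",
    "http://apps.example.internal:8095/": "<Context/>",
}

# Same deployment after giving the first application a unique cookie name,
# as the answer above suggests.
AFTER = dict(BEFORE)
AFTER["http://apps.example.internal:8080/"] = (
    '<Context sessionCookieName="JIRASESSIONID"/>'
)

if __name__ == "__main__":
    for label, apps in (("before", BEFORE), ("after", AFTER)):
        hits = find_collisions(apps)
        print(label, hits if hits else "no shared session cookie names")
```
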
