Confluence shows java.lang.IllegalStateException: getAttribute: Session already invalidated

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

While attempting to create a page, edit a page or any admin actions Confluence shows following error:

"Your request could not be processed because a required security token was not present in the request. You may need to re-submit the form or reload the page."

The following appears in the atlassian-confluence.log

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 java.lang.IllegalStateException: getAttribute: Session already invalidated at org.apache.catalina.session.StandardSession.getAttribute(StandardSession.java:1165) at org.apache.catalina.session.StandardSessionFacade.getAttribute(StandardSessionFacade.java:120) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.atlassian.plugin.servlet.PluginHttpSessionWrapper.getAttribute(PluginHttpSessionWrapper.java:39) at com.opensymphony.webwork.dispatcher.SessionMap.get(SessionMap.java:106) at com.atlassian.confluence.core.ConfluenceActionSupport.addToHistory(ConfluenceActionSupport.java:464) at com.atlassian.confluence.pages.actions.ViewPageAction.execute(ViewPageAction.java:267) at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:168) at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35) at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165) ..... at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) 

Cause

This error shows Confluence's sessions timed out.

Resolution

By default, users will be automatically logged out after 60 minutes of inactivity. Adjust the session timeout for Confluence to 60 or above by editing <confluence_install>/confluence/WEB-INF/web.xml.

Find this element and adjust the value. The value is specified in minutes.

1 2 3 <session-config> <session-timeout>60</session-timeout> </session-config>

ℹ️ After editing the web.xml file you will need to restart Confluence for your change to take effect.

Updated on April 8, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageProblemCauseResolution

Still need help?

The Atlassian Community is here for you.
Ask the Community