Session timeouts not respected in Confluence when using Confluence Chat plugin
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Problem
The session timeout is not being respected in Confluence. Users are not logged out after being idle for the default 60 minutes (not making any actions in Confluence). Even if you adjust the session timeout it is still not being respected.
The following appears in the atlassian-confluence.log:
1
2016-03-18 10:20:10,444 ERROR [http-nio-8594-exec-9] [atlassian.confluence.servlet.ConfluenceServletDispatcher] serviceAction There is no Action mapped for namespace /chat and action name heartbeat1
2
2016-03-16 10:53:58,046 WARN [http-nio-443-exec-130] [atlassian.confluence.cache.InvalidatableCacheLoader] isInvalid Value for key 'en_GB' was invalidated while it was being loaded. Reloading the value.
-- referer: http://localhost:8594/confluence/display/CRIT/Welcome+to+Confluence | url: /chat/heartbeat.action | userName: adminDiagnosis
Environment
If you are running Confluence 5.3 and below, then you might be running into the following bug: CONFSERVER-26796 - Session-timeout not being respected
For Confluence 5.4 and above the Confluence Chat plugin might be causing this.
For later versions, it could be caused by this bug: CONFSERVER-54142 - Session Timeout not respected in Confluence in Tomcat web.xml file
Diagnostic Steps
Set the session timeout to 1 minute
Log in with a user, and leave that window idle for at least 1 minute
Click on any page links or perform any action in Confluence
You will notice that your session is still valid
Disable the Confluence Chat plugin and go through the steps above
The application should now log you out after 1 minute of being idle
Cause
The Chat plugin sends out heartbeat messages which artificially extend the sessions for users, as if they were performing actions in the instance regularly.
Solution
Resolution
Edit the 'remember me' cookie settings per CONFSERVER-54142 - Session Timeout not respected in Confluence in Tomcat web.xml file
Uninstall or disable the Confluence Chat plugin through your Manage Add-ons page if installed.
Was this helpful?