Session timeouts not respected in Confluence when using Confluence Chat plugin
プラットフォームについて: Server と Data Center のみ - この記事は、サーバーおよびデータセンター プラットフォームのアトラシアン製品にのみ適用されます。
The session timeout is not being respected in Confluence. Users are not logged out after being idle for the default 60 minutes (not making any actions in Confluence). Even if you adjust the session timeout it is still not being respected.
The following appears in the atlassian-confluence.log:
2016-03-18 10:20:10,444 ERROR [http-nio-8594-exec-9] [atlassian.confluence.servlet.ConfluenceServletDispatcher] serviceAction There is no Action mapped for namespace /chat and action name heartbeat
2016-03-16 10:53:58,046 WARN [http-nio-443-exec-130] [atlassian.confluence.cache.InvalidatableCacheLoader] isInvalid Value for key 'en_GB' was invalidated while it was being loaded. Reloading the value. -- referer: http://localhost:8594/confluence/display/CRIT/Welcome+to+Confluence | url: /chat/heartbeat.action | userName: admin
- If you are running Confluence 5.3 and below, then you might be running into the following bug: - CONF-26796Getting issue details... STATUS
- For Confluence 5.4 and above the Confluence Chat plugin might be causing this.
- For later versions, it could be caused by this bug: - CONFSERVER-54142Getting issue details... STATUS
- Set the session timeout to 1 minute
- Log in with a user, and leave that window idle for at least 1 minute
- Click on any page links or perform any action in Confluence
- You will notice that your session is still valid
- Disable the Confluence Chat plugin and go through the steps above
- The application should now log you out after 1 minute of being idle
The Chat plugin sends out heartbeat messages which artificially extend the sessions for users, as if they were performing actions in the instance regularly.
- Edit the 'remember me' cookie settings per - CONFSERVER-54142Getting issue details... STATUS
- Uninstall or disable the Confluence Chat plugin through your Manage Add-ons page if installed.