Documentation for Crowd 2.4. Documentation for other versions of Crowd is available too.

This page tells you how to set the timeout period for a session token and how to enable/disable in-memory token storage.

Session Timeout

When a successful authentication occurs, for either an application or a user, a unique token is assigned. Tokens are valid for the period of time specified as the 'Session Timeout' attribute.

The session timeout determines how long a session will be considered valid during any period of inactivity. This value is specified in minutes and must be greater than 0.

To specify the session timeout,

  1. Log in to the Crowd Administration Console.
  2. Click the 'Administration' tab in the top navigation bar.
  3. Click 'Session Config' in the left-hand menu.
  4. The 'Session Config' screen will appear, as shown below. Type the new value into the 'Session Timeout' field, then click the 'Update' button.

Authentication Token Storage

Authentication tokens are used to validate application and user sessions. A token is stored for each active session. By default, they're kept in the Crowd database. Storing these tokens in memory can benefit performance, but with some significant drawbacks:

  • Sessions will not be saved across Crowd restarts. If you restart Crowd, all your users will have to log in again.
  • Clustering will not be possible. (info) Atlassian does not officially support clustering Crowd, but a number of our customers are successfully using it in this manner. See this knowledge-base article.

Switching from database to in-memory token management does not require a restart of Crowd; nor will sessions be lost or validations failed. However, if you have lots of active sessions, and therefore lots of tokens, it can take some time to copy the token information. During this time, validation requests will be queued and Crowd will appear unresponsive to client applications.

As a guide, below are some benchmarks of time taken to switch from one form of token storage to the other. The measurements were taken on a quad-core Mac Pro, using a lightly-loaded PostgreSQL database:

Number of Tokens:

100

500

1000

5000

10000

Database -> Memory

0.1s

0.7s

1.2s

4.2s

8.2s

Memory -> Database

1.2s

4.8s

9.2s

45 秒

90 秒

To switch the token storage location,

  1. Log in to the Crowd Administration Console.
  2. Click the 'Administration' tab in the top navigation bar.
  3. Click 'Session Config' in the left-hand menu.
  4. The 'Session Config' screen will appear, as shown below. Select one of the radio buttons next to Authentication Token Storage:
    • 'Database Cache' — This is the default option. Select it to store your tokens in the Crowd database. We recommend this option unless performance problems require in-memory storage.
    • 'Memory Cache' — Select this option to store your tokens in memory.
  5. Click the 'Update' button.


Screenshot: 'Session Config'

関連トピック

Crowd Documentation



Log a request with our support team.



Raise an issue for our developers.



See answers from the community.



Blog and update our documentation.

Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.