Problem

The session timeout is not being respected in Confluence.  Users are not logged out after being idle for the default 60 minutes (not making any actions in Confluence). Even if you adjust the session timeout it is still not being respected.

The following appears in the atlassian-confluence.log:

2016-03-18 10:20:10,444 ERROR [http-nio-8594-exec-9] [atlassian.confluence.servlet.ConfluenceServletDispatcher] serviceAction There is no Action mapped for namespace /chat and action name heartbeat

2016-03-16 10:53:58,046 WARN [http-nio-443-exec-130] [atlassian.confluence.cache.InvalidatableCacheLoader] isInvalid Value for key 'en_GB' was invalidated while it was being loaded. Reloading the value.
 -- referer: http://localhost:8594/confluence/display/CRIT/Welcome+to+Confluence | url: /chat/heartbeat.action | userName: admin

Diagnosis

Environment

• If you are running Confluence 5.3 and below, then you might be running into the following bug:  CONF-26796 - Getting issue details... STATUS
• For Confluence 5.4 and above the Confluence Chat plugin might be causing this.
• For later versions, it could be caused by this bug:  CONFSERVER-54142 - Getting issue details... STATUS

Diagnostic Steps

• Set the session timeout to 1 minute
• Log in with a user, and leave that window idle for at least 1 minute
• Click on any page links or perform any action in Confluence
• You will notice that your session is still valid
• Disable the Confluence Chat plugin and go through the steps above
• The application should now log you out after 1 minute of being idle

Cause

The Chat plugin sends out heartbeat messages which artificially extend the sessions for users, as if they were performing actions in the instance regularly.

Resolution

• Edit the 'remember me' cookie settings per  CONFSERVER-54142 - Getting issue details... STATUS
• Uninstall or disable the Confluence Chat plugin through your Manage Add-ons page if installed.