When using a third-party authenticator, user sessions may terminate earlier than expected when idle

This Knowledge Base article was written specifically for the Atlassian Server platform. Due to the Functional differences in Atlassian Cloud, the contents of this article cannot be applied to Atlassian Cloud applications.

Problem

By default, sessions will last for several hours when using the default authenticator. After using a third party authenticator, such as Okta, you may find that sessions initiated when Okta is enabled will be terminated if they are idle for an hour, even if the session configuration for your application is much higher. In most Atlassian Applications, the session length is 4 hours.

Cause

The Atlassian Bot Killer Plugin has been shown to terminate sessions when a third party authenticator such as Okta is enabled. If a session makes only a single request in an hour time frame, then that session will be terminated - idle activity can sometimes run afoul of this plugin.

Workaround

As a first step, try to disable the Atlassian Bot Killer Plugin. If that doesn't resolve the problem, please contact Atlassian Support.

  • If your instance is not publicly accessible, there should not be any significant ramifications - although you should monitor your instance to ensure performance and resource consumption stay normal.
Last modified on Jul 24, 2017

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.