Confluence 3.3 has reached end of life
Check out the [latest version] of the documentation
Confluence protects access to its administrative functions by requiring a secure administration session to use the Confluence administration console or administer a space. When a Confluence administrator (who is logged into Confluence) attempts to access an administration function, they are prompted to log in again. This logs the administrator into a temporary secure session that grants access to the Confluence/space administration console.
The temporary secure session has a rolling timeout (defaulted to 10 minutes). If there is no activity by the administrator in the Confluence/space administration console for a period of time that exceeds the timeout, then the administrator will be logged out of the secure administrator session (note, they will remain logged into Confluence). If the administrator does click an administration function, the timeout will reset.
Manually ending a secure session
An administrator can choose to manually end their secure session by clicking the 'drop access' link in the banner displayed at the top of their screen.
Note for developers
Secure administrator sessions can cause exceptions when developing against Confluence or deploying a plugin. Please read this FAQ for more information. Note, the Confluence XML-RPC and REST APIs are not affected by secure administration sessions.
To configure secure administrator sessions,
Go to the Confluence 'Administration Console'. To do this:
- Open the 'Browse' menu and select 'Confluence Admin'. The 'Administrator Access' login screen will be displayed.
- Enter your password and click 'Confirm'. You will be temporarily logged into a secure session to access the 'Administration Console'.
- Click 'Security Configuration' in the 'Security' section. The 'Edit Security Configuration' screen will be displayed.
- Click the 'Edit' link.
- To disable secure administrator sessions (i.e. administrators will not be required to log into a secure session to access the administration console), uncheck the 'Enable' checkbox next to 'Secure administrator sessions'.
- To change the timeout for secure administrator sessions, update the value in textbox next to 'minutes before invalidation'. The default timeout for a secure administration session is 10 minutes.
- Click the 'Save' button.
Screenshot: Configuring secure administrator sessions
Overview
Content Tools
Apps
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.