[JIRA] (JENKINS-51734) sessionTimeout isn't be honoured

[ben.copeland@linaro.org (JIRA)]

Ben Copeland created an issue

Jenkins / JENKINS-51734 sessionTimeout isn't be honoured Issue Type: Bug Assignee: Kanstantsin Shautsou Components: crowd2-plugin, docker Created: 2018-06-06 13:33 Priority: Major Reporter: Ben Copeland Since upgrade to Jenkins 2.107.1 the sessionTimeout option isn't working. We run Jenkins in a docker image (jenkins/jenkins:2.107.3) with option "ENV JENKINS_OPTS="–sessionTimeout=1440". We use the crowd2 as our login engine. Since upgrading to 2.107.1 sessions are only being held active for ~30mins. I can see that the option is running: "-Dorg.eclipse.jetty.server.Request.maxFormContentSize=1000000 -jar /usr/share/jenkins/jenkins.war --sessionTimeout=1440" Add Comment

This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)

[o.v.nenashev@gmail.com (JIRA)]

Oleg Nenashev assigned an issue to Unassigned

Removing the assignee according to https://groups.google.com/forum/#!topic/jenkinsci-dev/sFejhRvZiIM

Jenkins / JENKINS-51734 sessionTimeout isn't be honoured

Change By: Oleg Nenashev Assignee: Kanstantsin Shautsou

Add Comment

[mail@martinspielmann.de (JIRA)]

Martin Spielmann assigned an issue to Martin Spielmann

Jenkins / JENKINS-51734 sessionTimeout isn't be honoured

Change By: Martin Spielmann Assignee: Martin Spielmann

Add Comment

[zlei.huang@gmail.com (JIRA)]

Zhenlei Huang commented on JENKINS-51734

Re: sessionTimeout isn't be honoured Hi, Ben Copeland, have you enabled the SSO, i.e. checked the 'Use SSO' option? Can you give it another try without enabling SSO? Thanks

Add Comment

This message was sent by Atlassian JIRA (v7.10.1#710002-sha1:6efc396)

[scyiwei@163.com (JIRA)]

Wei Yi commented on JENKINS-51734

Re: sessionTimeout isn't be honoured

I hit this issue too. The sessionTimeout doesn't work after I upgrade my jenkins from 2.19.3 to 2.121.2. After some investigation I found that winstone is upgrade from 3.1 to 4.2. It seems before 4.2 https://github.com/jenkinsci/winstone/blob/winstone-4.1/src/java/winstone/HostConfiguration.java It only uses sessionTimeout. @Override   public void postConfigure() throws Exception {| | |super.postConfigure();| | | | | |// if specified, override the value in web.xml| | |int sessionTimeout = Option.SESSION_TIMEOUT.get(args);| | |if (sessionTimeout>0)| | |getSessionHandler().setMaxInactiveInterval(sessionTimeout * 60);| | |}   but in 4.2 https://github.com/jenkinsci/winstone/blob/winstone-4.2/src/main/java/winstone/HostConfiguration.java It uses sessionTimeout and sessionEviction. @Override   public void postConfigure() throws Exception {   super.postConfigure();       // if specified, override the value in web.xml   int sessionTimeout = Option.SESSION_TIMEOUT.get(args);   if (sessionTimeout>0) {| | |getSessionHandler().setMaxInactiveInterval(sessionTimeout * 60);| | |}   int sessionEviction = Option.SESSION_EVICTION.get(args);   getSessionHandler().getSessionCache().setEvictionPolicy( sessionEviction );   } According to https://github.com/jenkinsci/winstone, the session will be evicted after 30 minutes if we don't set sessionEviction. --sessionEviction = Set the session eviction timeout for idle sessions. Default value is 30min. {{}} After I add --sessionEviction, it works now.

Add Comment

[mail@martinspielmann.de (JIRA)]

Martin Spielmann started work on JENKINS-51734

Change By: Martin Spielmann Status: Open In Progress

Add Comment

[totoroliu1215@hotmail.com (JIRA)]

Rick Liu commented on JENKINS-51734

Re: sessionTimeout isn't be honoured

I see the same issue after upgrading to Jenkins core v.2.121.3. On Ubuntu 16.04.4 LTS under /etd/default/jenkins, I have set JENKINS_ARG with --sessionTimeout=1440, which is 24 hours. But with a logged-in Jenkins page openned in a browser tab (both Firefox and Chrome), after about 1 hour inactivity to the tab, the session would be gone. Any click to the page would be redirected to the login page to login again.

Add Comment

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

[totoroliu1215@hotmail.com (JIRA)]

Rick Liu edited a comment on JENKINS-51734

Re: sessionTimeout isn't be honoured

I see the same issue after upgrading to Jenkins core v.2.121.3. On Ubuntu 16.04.4 LTS under /etd/default/jenkins, I have set JENKINS_ARG with --sessionTimeout=1440, which is 24 hours. But with a logged-in Jenkins page openned in a browser tab (both Firefox and Chrome), after about 1 hour inactivity to the tab, the session would be gone. Any click to the page would be redirected to the login page to login again.

this --sessionEvicition setting should be added to the document page.

Add Comment

[ben.copeland@linaro.org (JIRA)]

Ben Copeland commented on JENKINS-51734

Re: sessionTimeout isn't be honoured

I have both ENV JENKINS_OPTS="--sessionTimeout=1440 --sessionEviction=1440" set in my dockerfile but seem to still be getting logged out every ~10mins.

Add Comment

[inka@mailbox.org (JIRA)]

in ka commented on JENKINS-51734

Re: sessionTimeout isn't be honoured

sessionEviction also not works for me. Anybody found a work around?

Add Comment

[mail@martinspielmann.de (JIRA)]

Martin Spielmann commented on JENKINS-51734

Re: sessionTimeout isn't be honoured

Im sorry I won't be able to work I  this topic before March. Any help and PR is highly appreciated.

Add Comment

[alexrwave@gmail.com (JIRA)]

Alejandro Ruiz commented on JENKINS-51734

Re: sessionTimeout isn't be honoured

Hi! Is there any update on this? Is it possible to workaround this using Groovy init scripts?

Add Comment

[tarvip@gmail.com (JIRA)]

Tarvi Pillessaar commented on JENKINS-51734

Re: sessionTimeout isn't be honoured

sessionEviction is actually working (tested with version 2.176.1), just sessionEviction is in seconds and sessionTimeout is in minutes.

Add Comment