...
This is by design in Jira and Confluence and is called Secure Administrator sessions (or websudo). If you would like users to be able to enter the admin section without entering their passwords, Atlassian has a way of disabling this (WebSudo).
Guide for disabling in Jira:
https://confluence.atlassian.com/adminjiraserver073/configuring-secure-administrator-sessions-861254024.html
In Confluence, please navigate to the address <your_confluence_url>/admin/viewsecurityconfig.action and turn off the value “Secure administrator sessions”.
...