Prevent automatic login
Overview
When a user logs in to JIRA, they have the option of making JIRA remember their login information by selecting the 'Remember my login' checkbox before they click the 'Log In' button. When they do that, a 'Remember my login' token is stored by the JIRA server and a cookie containing this token is set in the user's browser.
A user who revisits JIRA from the same computer and browser, will automatically be logged in if JIRA detects that one of the user's 'Remember my login' tokens has a matching token contained in one of the browser's cookies. If the user logs out of JIRA, the 'Remember my login' token is cleared from the JIRA server.
To maximize and maintain the security of your JIRA instance, JIRA provides features for:
- Disabling 'remember my login' functionality for the JIRA instance.
- Clearing 'Remember my login' tokens for individual user accounts.
- Clearing all 'Remember my login' tokens stored by your JIRA instance.
Manage automatic logins:
- To maximize security by requiring a user to enter all of their credentials each login.
- If users have been accessing your JIRA application in a public environment.
- If users aren't in the habit of formally logging out of JIRA.
Before you begin
You must be logged in as a user with the JIRA Administrators global permission to complete any of the following procedures.
Clear a 'remember my login' token for a specific user
JIRA administrators can clear all 'Remember my login' tokens associated with a user's account through the JIRA administration console.
Clear all 'remember my login' tokens for the entire JIRA instance
JIRA administrators can also clear all 'Remember my login' tokens from their JIRA instance with a few simple clicks.
Disable 'remember my login on this computer' option for your JIRA instance
If you never want JIRA to remember login tokens, you can choose to disable 'remember my login' tokens for the entire JIRA instance.