Prevent automatic login
When a user logs in to JIRA, they have the option of making JIRA remember their login information by selecting the 'Remember my login' checkbox before they click the 'Log In' button. When they do that, a 'Remember my login' token is stored by the JIRA server and a cookie containing this token is set in the user's browser.
A user who revisits JIRA from the same computer and browser, will automatically be logged in if JIRA detects that one of the user's 'Remember my login' tokens has a matching token contained in one of the browser's cookies. If the user logs out of JIRA, the 'Remember my login' token is cleared from the JIRA server.
To maximize and maintain the security of your JIRA instance, JIRA provides features for:
- Disabling 'remember my login' functionality for the JIRA instance.
- Clearing 'Remember my login' tokens for individual user accounts.
- Clearing all 'Remember my login' tokens stored by your JIRA instance.
Manage automatic logins:
- To maximize security by requiring a user to enter all of their credentials each login.
- If users have been accessing your JIRA application in a public environment.
- If users aren't in the habit of formally logging out of JIRA.
Clear a 'remember my login' token for a specific user
JIRA administrators can clear all 'Remember my login' tokens associated with a user's account through the JIRA administration console.
- Choose > User Management.
- Find the user in the list and click the Username or Email Address of the user whose 'Remember my login' tokens you wish to remove. Details about that user and their login information is displayed.
- Click the 'Remember My Login' link to display that user's Remember My Login page.
- Click the 'Clear All' button to remove all 'Remember my login' tokens associated with this user account from the JIRA server.
Clear all 'remember my login' tokens for the entire JIRA instance
JIRA administrators can also clear all 'Remember my login' tokens from their JIRA instance with a few simple clicks.
- Choose > System.
- In the left panel, select Security > Remember My Login to open the Remember My Login for All Users page.
- Click the 'Clear All' button to remove all 'Remember my login' tokens from the JIRA server.
Disable 'remember my login on this computer' option for your JIRA instance
If you never want JIRA to remember login tokens, you can choose to disable 'remember my login' tokens for the entire JIRA instance.
Option 1 (recommended)
The checkbox for this option can be disabled by setting the
jira.option.allowcookies property to
false in your jira-config.properties file. You will need to restart JIRA in order for this change to take effect.
Was this helpful?
Thanks for your feedback!