Prevent automatic login

 

Overview

When a user logs in to JIRA, they have the option of making JIRA remember their login information by selecting the 'Remember my login' checkbox before they click the 'Log In' button. When they do that, a 'Remember my login' token is stored by the JIRA server and a cookie containing this token is set in the user's browser. 

A user who revisits JIRA from the same computer and browser will automatically be logged in if JIRA detects that one of the user's 'Remember my login' tokens matches a token contained in one of the browser's cookies. If the user logs out of JIRA, the 'Remember my login' token is cleared from the JIRA server.

To maximize and maintain the security of your JIRA instance, JIRA provides features for:

  • Disabling 'remember my login' functionality for the JIRA instance.
  • Clearing 'Remember my login' tokens for individual user accounts.
  • Clearing all 'Remember my login' tokens stored by your JIRA instance.

You may want to manage automatic logins:

  • To maximize security by requiring users to enter all of their credentials at each login.
  • If users have been accessing your JIRA application in a public environment.
  • If users aren't in the habit of formally logging out of JIRA.

Before you begin

You must be logged in as a user with the JIRA Administrators global permission to complete any of the following procedures.

Clear a 'remember my login' token for a specific user

JIRA administrators can clear all 'Remember my login' tokens associated with a user's account through the JIRA administration console.

  To clear a login token for a user:
  1. Choose  > User Management.
  2. Find the user in the list and click the Username or Email Address of the user whose 'Remember my login' tokens you wish to remove. Details about that user and their login information are displayed.
  3. Click the 'Remember My Login' link to display that user's Remember My Login page.
  4. Click the 'Clear All' button to remove all 'Remember my login' tokens associated with this user account from the JIRA server.

Clear all 'remember my login' tokens for the entire JIRA instance

JIRA administrators can also clear all 'Remember my login' tokens from their JIRA instance with a few simple clicks. 

  To clear all login tokens for the instance:
  1. Choose  > System
  2. In the left panel, select Security > Remember My Login to open the Remember My Login for All Users page.
  3. Click the 'Clear All' button to remove all 'Remember my login' tokens from the JIRA server.

Disable 'remember my login on this computer' option for your JIRA instance

If you never want JIRA to remember login tokens, you can choose to disable 'remember my login' tokens for the entire JIRA instance.

  To disable this feature:

 Option 1 (recommended)

The checkbox for this option can be disabled by setting the jira.option.allowcookies property to false in your jira-config.properties file. You will need to restart JIRA in order for this change to take effect.
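
To confirm that the Option 1 setting is actually in place on a server, the following added example (not part of the original page and not Atlassian tooling) parses a jira-config.properties file and reports the effective value of jira.option.allowcookies. The function name, the state names and the file path argument are assumptions, as is the use of standard Java .properties parsing rules.

```shell
#!/bin/sh
# Added example (not Atlassian's code): report whether a
# jira-config.properties file sets jira.option.allowcookies to false.

# allowcookies_state FILE   (hypothetical helper name)
# Prints: disabled | other-value | unset | missing
# Returns 0 only for "disabled", so it can gate a compliance check.
allowcookies_state() {
    [ -r "$1" ] || { echo missing; return 1; }
    # Assumes standard Java .properties semantics: '#'/'!' comment
    # lines, '=' or ':' separators, blanks around key and value,
    # CRLF line endings, and the last assignment of a key winning.
    value=$(tr -d '\r' < "$1" | awk '
        /^[ \t]*[#!]/ { next }
        /^[ \t]*jira\.option\.allowcookies[ \t]*[=:]/ {
            v = $0
            sub(/^[^=:]*[=:][ \t]*/, "", v)   # drop key and separator
            sub(/[ \t]+$/, "", v)             # drop trailing blanks
            val = v; seen = 1
        }
        END { if (seen) print "set:" val; else print "unset" }
    ')
    # Only the exact value "false" (as documented above) counts.
    case $value in
        set:false) echo disabled; return 0 ;;
        unset)     echo unset; return 1 ;;
        *)         echo other-value; return 1 ;;
    esac
}

# Constructed sample file: the key is commented out once, set to true,
# then set to false; the final assignment is the effective one.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# jira.option.allowcookies = false
jira.option.allowcookies=true
jira.option.allowcookies = false
EOF
state=$(allowcookies_state "$demo") || true
echo "demo file: $state"
rm -f "$demo"
```

A result of `unset` or `other-value` means the file does not disable the checkbox; the check reads the file only, so a change made after the last restart of JIRA is not yet in effect.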

Option 2

Edit the ./atlassian-jira/includes/loginform.jsp file.

