Bamboo uses Seraph, an open source framework, for HTTP cookie authentication.
Bamboo uses two cookies:
- The JSESSIONID cookie is created by the application server and used for session tracking purposes.
- The 'remember me' cookie,
seraph.bamboo, is generated by Bamboo when the user selects the Remember me checkbox on the login page.
You can read about cookies on the Wikipedia page.
On this page:
The 'Remember Me' cookie
The 'remember me' cookie is a long-lived HTTP cookie. This cookie can be used to authenticate an unauthenticated session. Bamboo generates this cookie when the user selects the Remember me checkbox on the login page.
Cookie key and value
By default, the cookie key is
seraph.bamboo. This key is defined in the
BAMBOO-INSTALLATION/webapp/WEB-INF/classes/seraph-config.xml file, in the
The cookie contains a unique identifier plus a securely-generated random string.
Use of cookie for authentication
When a user requests a web page, if the request is not already authenticated via session-based authentication or otherwise, Bamboo will match the 'remember me' cookie (if present) against the token stored for the user in the Bamboo database (if present).
If the random string matches the value stored in the database and the cookie has not expired, the user is authenticated.
Life of 'Remember Me' cookies
You can configure the maximum age of the cookie. To do that you will need to modify the
file and insert the following lines below the other
<init-param> <param-name>autologin.cookie.age</param-name> <param-value>2592000</param-value><!-- 30 days in seconds --> </init-param>
Other cookie usage
There are several cookies in Bamboo that are used for storing basic presentation states, such as the number of log lines to show, which tab was previously selected etc. They are:
Track which general tabs are open and closed
Date range to show the builds for agents
Date range to show the builds
Log refresh interval in seconds
Maximum # of lines to show on the live logs page
Which tab is selected on the dashboard
Which tab is selected on the Authors tab
Which time group-by period is used in the reports
The ids of the projects that are expanded on the dashboard
Was this helpful?Yes Provide feedback about this article