How to configure the 'Remember Me' feature in Confluence

Still need help?

The Atlassian Community is here for you.

Ask the community

Code Changes Required

This configuration requires changing the Confluence code in your installation. You will need to reapply these changes whenever you upgrade Confluence. Proceed with caution.

Purpose

The Confluence Administration Console does not provide an option for disabling the 'Remember Me' feature. There is a feature request for this capability  CONFSERVER-66598 - Getting issue details... STATUS .

As a workaround, you can modify the Velocity file login.vm as described below. 

Solution

Non clustered (single node)

The steps required are as follows:You should NOT see any cookie with the name: seraph.confluence

  1. Stop Confluence
  2. Go to your Confluence installation directory
  3. Locate the <CONFLUENCE-INSTALLATION>/confluence/login.vm file and make a backup copy
  4. Edit the file
  5. Locate the following line of code:

    #bodytag( "Component" "label='remember.accesskey'" "name='os_cookie'" "value='false'" "theme='aui'" 
    "template='onofflist.vm'") #end
    

    Comment out the line so that it looks like this (note the extra '#' character in front):

    ##bodytag( "Component" "label='remember.accesskey'" "name='os_cookie'" "value='false'" "theme='aui'" 
    "template='onofflist.vm'") #end
    
  6. Save the file and restart Confluence
  7. Repeat the above steps each time you install a new version of Confluence.


Clustered 

In Confluence Data Center, we enforce the Remember Me setting silently in order to account for inconsistencies in the session affinity between cluster nodes.

To show the 'Remember me' checkbox:

  1. Stop Confluence.
  2. Set the cluster.login.rememberme.enabled system property to true.   
  3. Restart Confluence.

To disable the 'Remember me' feature:

  1. Stop Confluence.
  2. Go to Confluence installation directory.
  3. Locate the <CONFLUENCE-INSTALLATION>/confluence/login.vm file and make a backup copy.
  4. Edit the file.
  5. Locate the following section of code:

    #if ($action.shouldRememberMeCheckboxBeOmitted())
        <input type="hidden" name="os_cookie" value="true"/>
    #else
        #bodytag( "Component" "label='remember.accesskey'" "name='os_cookie'" "value='false'" "theme='aui'" "template='onofflist.vm'") #end
    #end

    and change the 'Remember me' cookie value to false as follows. 

    <input type="hidden" name="os_cookie" value="false"/>
  6. Save the file and restart Confluence.

  7. Repeat the above steps for each cluster node. 

(warning) You'll need to make these modifications each time you upgrade to a new version of Confluence.

Verify the Fix

In order to verify if your changes were applied, you will need to do the following:

  1. Log out of your current session
  2. After you open Confluence and login, check your browser cookies
  3. If you disabled 'remember me', you should NOT see any cookie with the name: seraph.confluence


Known Issues

On Confluence 8.0, changes were introduced to the login.vm file:

#if ($action.shouldRememberMeCheckboxBeOmitted())
	<input type="hidden" name="os_cookie" value="true"/>
#else
	#scomponent("label='remember.accesskey'" "name='os_cookie'" "value='false'" "theme='aui'" "template='onofflist.vm'")
	#end
#end

Please note that the workaround suggested will not work on this version.

See also

Confluence Cookies

HTTP authentication with Seraph

HTTP Cookie - Wikipedia

How to adjust the session timeout for Confluence



Last modified on Aug 4, 2023

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.