Prevent automatic login

Overview

When a user logs in to Jira, they have the option of making Jira remember their login information by selecting the 'Remember my login' checkbox before they click the 'Log In' button. When they do that, a 'Remember my login' token is stored by the Jira server and a cookie containing this token is set in the user's browser. 

 A user who revisits Jira from the same computer and browser, will automatically be logged in if Jira detects that one of the user's 'Remember my login' tokens has a matching token contained in one of the browser's cookies. If the user logs out of Jira, the 'Remember my login' token is cleared from the Jira server.

To maximize and maintain the security of your Jira instance, Jira provides features for:

  • Disabling the "remember my login" functionality for the Jira instance.
  • Clearing the "remember my login" tokens for individual user accounts.
  • Clearing all "remember my login" tokens stored by your Jira instance.

Manage automatic logins:

  • To maximize security by requiring a user to enter all of their credentials each login.
  • If users have been accessing your Jira application in a public environment.
  • If users aren't in the habit of formally logging out of Jira.

For all of the following procedures, you must be logged in as a user with the Jira administrators global permission.

Clear a "remember my login" token for a specific user

Jira administrators can clear all "remember my login" tokens associated with a user's account through the Jira administration console.

To clear a login token for a user
  1. In the upper-right corner of the screen, select Administration User Management.

  2. Find the user in the list and click the Username or Email address of the user whose "remember my login" tokens you wish to remove. Details about that user and their login information is displayed.
  3. Select the Remember my login link to display that user's Remember my login page.
  4. Select Clear All to remove all "remember my login" tokens associated with this user account from the Jira server.

Clear all "remember my login" tokens for the entire Jira instance

Jira administrators can also clear all 'Remember my login' tokens from their Jira instance with a few simple clicks. 

To clear a login token for the instance
  1. In the upper-right corner of the screen, select Administration  > System.
  2. Under Security (the left-side panel), select Remember my login to open the Remember my login for all users page.
  3. Select Clear all to remove all "remember my login" tokens from the Jira server.

Disable "remember my login on this computer" option for your Jira instance

If you never want Jira to remember login tokens, you can choose to disable "remember my login" tokens for the entire Jira instance.

To disable this feature

 Option 1 (recommended)

The checkbox for this option can be disabled by setting the jira.option.allowcookies property to false in your jira-config.properties file. You will need to restart Jira in order for this change to take effect.

Option 2
Edit the ./atlassian-jira/includes/loginform.jsp file.


Last modified on Oct 7, 2022

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.