Cookies in Bamboo

Bamboo uses Seraph, an open source framework, for HTTP cookie authentication.

Authentication cookies

Bamboo uses two cookies:

  • The JSESSIONID cookie is created by the application server and used for session tracking purposes.
  • The 'remember me' cookie, seraph.bamboo, is generated by Bamboo when the user selects the Remember me checkbox on the login page.

(info) You can read about cookies on the Wikipedia page.

On this page:

The 'Remember Me' cookie

The 'remember me' cookie is a long-lived HTTP cookie. This cookie can be used to authenticate an unauthenticated session. Bamboo generates this cookie when the user selects the Remember me checkbox on the login page.

Cookie key and value

By default, the cookie key is seraph.bamboo. This key is defined in the BAMBOO-INSTALLATION/webapp/WEB-INF/classes/seraph-config.xml file, in the login.cookie.key parameter.

The cookie contains a unique identifier plus a securely-generated random string.

Use of cookie for authentication

When a user requests a web page, if the request is not already authenticated via session-based authentication or otherwise, Bamboo will match the 'remember me' cookie (if present) against the token stored for the user in the Bamboo database (if present).

If the random string matches the value stored in the database and the cookie has not expired, the user is authenticated.

Life of 'Remember Me' cookies

You can configure the maximum age of the cookie. To do that you will need to modify the BAMBOO-INSTALLATION/webapp/WEB-INF/classes/seraph-config.xml file and insert the following lines below the other init-param elements:

        <init-param>
            <param-name>autologin.cookie.age</param-name>
            <param-value>2592000</param-value><!-- 30 days in seconds -->
        </init-param>

Other cookie usage

There are several cookies in Bamboo that are used for storing basic presentation states, such as the number of log lines to show, which tab was previously selected etc. They are:

CookiePurpose

AJS.conglomerate.cookie

Track which general tabs are open and closed

BAMBOO-AGENT-FILTER

Date range to show the builds for agents

BAMBOO-BUILD-FILTER

Date range to show the builds

BAMBOO-LOG-REFRESH

Log refresh interval in seconds

BAMBOO-MAX-DISPLAY-LINES

Maximum # of lines to show on the live logs page

atlassian.bamboo.dashboard.tab.selected

Which tab is selected on the dashboard

bamboo.author.view

Which tab is selected on the Authors tab

bamboo.build.groupby.type

Which time group-by period is used in the reports

bamboo.dash.display.toggle

The ids of the projects that are expanded on the dashboard

Last modified on Jul 1, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.