Login Required when changing browsers

Hi all,

I know that this is the way it has always been, but I have a user asking if there is a way to have Jira cache use log in information and therefore when switching browsers, or rebooting it maintains the log in status, and does not force a new login.

Thanks,

Robert 

2 answers

1 accepted

1 vote
Alexey Matveev Community Champion Dec 13, 2017

Hello,

When a user logs in to JIRA, they have the option of making JIRA remember their login information by selecting the 'Remember my login' checkbox before they click the 'Log In' button. When they do that, a 'Remember my login' token is stored by the JIRA server and a cookie containing this token is set in the user's browser. 

I do not think it will work for different browsers but it should work for rebooting.

It bases the login on browser held information.  It would be an easy attack vector if you did a "remember and allow login in  a different browser"

Actually I do not believe it works for either nor should it as the cache should be cleaned out upon reboot.  Jira cannot just have a token saying this user is logged in and let any access just go through.  That would be a major security hole.  Thanks.

Alexey Matveev Community Champion Dec 13, 2017

You can read more here

https://confluence.atlassian.com/adminjiraserver071/prevent-automatic-login-802592330.html

A user who revisits JIRA from the same computer and browser, will automatically be logged in if JIRA detects that one of the user's 'Remember my login' tokens has a matching token contained in one of the browser's cookies. If the user logs out of JIRA, the 'Remember my login' token is cleared from the JIRA server.

0 vote
Bruno Vincent Community Champion Dec 13, 2017

Hi @Robert G. Nadon,

Alternatively a Windows desktop SSO solution would allow your users to log into Jira without entering a username and password. That would also work in the use cases you mentioned (switching browsers, reboot etc.) so I guess it's worth keeping it in mind.

You might want to take a look at the IWAAC Kerberos SSO plugin.

(Disclaimer: I work for the vendor of that plugin. There are obviously other vendors' plugins on Atlassian Marketplace: https://marketplace.atlassian.com/search?query=kerberos)

Thanks but no thanks.  I really was looking for a way to explain to my user that it is not possible.  Not make it possible.   Personally, I do not feel logging in is that much of a hassle.    Thanks for the info though, if I ever switch positions and the company asks for me to find a way to remove the login procedure I will keep your plugin in mind.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Bridget Sauer
Published Thursday in Marketplace Apps

Calling all developers––You're invited to Atlas Camp 2018

 Atlas Camp   is our developer event which will take place in Barcelona, Spain  from the 6th -7th of   September . This is a great opportunity to meet other developers and get n...

223 views 0 6
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you