Login Required when changing browsers

Hi all,

I know that this is the way it has always been, but I have a user asking if there is a way to have Jira cache use log in information and therefore when switching browsers, or rebooting it maintains the log in status, and does not force a new login.

Thanks,

Robert 

2 answers

1 accepted

1 vote
Accepted answer
Alexey Matveev Community Champion Dec 13, 2017

Hello,

When a user logs in to JIRA, they have the option of making JIRA remember their login information by selecting the 'Remember my login' checkbox before they click the 'Log In' button. When they do that, a 'Remember my login' token is stored by the JIRA server and a cookie containing this token is set in the user's browser. 

I do not think it will work for different browsers but it should work for rebooting.

It bases the login on browser held information.  It would be an easy attack vector if you did a "remember and allow login in  a different browser"

Actually I do not believe it works for either nor should it as the cache should be cleaned out upon reboot.  Jira cannot just have a token saying this user is logged in and let any access just go through.  That would be a major security hole.  Thanks.

Alexey Matveev Community Champion Dec 13, 2017

You can read more here

https://confluence.atlassian.com/adminjiraserver071/prevent-automatic-login-802592330.html

A user who revisits JIRA from the same computer and browser, will automatically be logged in if JIRA detects that one of the user's 'Remember my login' tokens has a matching token contained in one of the browser's cookies. If the user logs out of JIRA, the 'Remember my login' token is cleared from the JIRA server.

0 votes
Bruno Vincent Community Champion Dec 13, 2017

Hi @Robert G. Nadon,

Alternatively a Windows desktop SSO solution would allow your users to log into Jira without entering a username and password. That would also work in the use cases you mentioned (switching browsers, reboot etc.) so I guess it's worth keeping it in mind.

You might want to take a look at the IWAAC Kerberos SSO plugin.

(Disclaimer: I work for the vendor of that plugin. There are obviously other vendors' plugins on Atlassian Marketplace: https://marketplace.atlassian.com/search?query=kerberos)

Thanks but no thanks.  I really was looking for a way to explain to my user that it is not possible.  Not make it possible.   Personally, I do not feel logging in is that much of a hassle.    Thanks for the info though, if I ever switch positions and the company asks for me to find a way to remove the login procedure I will keep your plugin in mind.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Tuesday in Bitbucket

Upgrade Best Practices

Hello! My name is Mark Askew and I am a Premier Support Engineer for products Bitbucket Server/Data Center, Fisheye & Crucible. Today, I want to bring the discussion that Jennifer, Matt, and ...

188 views 3 6
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you