Login Required when changing browsers

Robert G. Nadon
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 13, 2017

Hi all,

I know that this is the way it has always been, but I have a user asking if there is a way to have Jira cache user login information and therefore, when switching browsers or rebooting, it maintains the login status and does not force a new login.

Thanks,

Robert 

2 answers

1 accepted

1 vote
Answer accepted
Alexey Matveev
Rising Star
December 13, 2017

Hello,

When a user logs in to JIRA, they have the option of making JIRA remember their login information by selecting the 'Remember my login' checkbox before they click the 'Log In' button. When they do that, a 'Remember my login' token is stored by the JIRA server and a cookie containing this token is set in the user's browser. 

I do not think it will work for different browsers but it should work for rebooting.

Nic Brough -Adaptavist-
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
December 13, 2017

It bases the login on browser-held information. It would be an easy attack vector if you did a "remember and allow login in a different browser".

Robert G. Nadon
Rising Star
December 13, 2017

Actually, I do not believe it works for either, nor should it, as the cache should be cleaned out upon reboot. Jira cannot just have a token saying this user is logged in and let any access just go through. That would be a major security hole. Thanks.

Alexey Matveev
Rising Star
December 13, 2017

You can read more here:

https://confluence.atlassian.com/adminjiraserver071/prevent-automatic-login-802592330.html

A user who revisits JIRA from the same computer and browser will automatically be logged in if JIRA detects that one of the user's 'Remember my login' tokens has a matching token contained in one of the browser's cookies. If the user logs out of JIRA, the 'Remember my login' token is cleared from the JIRA server.
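A minimal sketch of the token-and-cookie mechanism described in this answer, added here as an illustration; it is not Jira's code and not part of the thread. The class name, the `username:token` cookie format, the 14-day lifetime, per-cookie logout, and storing only a hash of the token are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

TOKEN_TTL = 14 * 24 * 3600  # assumed lifetime in seconds (constructed value)


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


class RememberMeStore:
    """Server side: keeps only a hash of each issued token, per user."""

    def __init__(self):
        self._tokens = {}  # username -> list of (token digest, expiry time)

    def issue(self, username, now):
        """Login with the box ticked: store a token, return the cookie value."""
        token = secrets.token_urlsafe(32)
        self._tokens.setdefault(username, []).append((_digest(token), now + TOKEN_TTL))
        return f"{username}:{token}"

    def authenticate(self, cookie, now):
        """Return the username if the cookie matches a live stored token, else None."""
        username, _, token = (cookie or "").rpartition(":")
        for stored, expiry in self._tokens.get(username, []):
            if expiry > now and hmac.compare_digest(stored, _digest(token)):
                return username
        return None

    def logout(self, cookie):
        """Clear the stored token for this cookie (assumed per-browser scope)."""
        username, _, token = (cookie or "").rpartition(":")
        kept = [t for t in self._tokens.get(username, []) if t[0] != _digest(token)]
        self._tokens[username] = kept


def demo():
    store = RememberMeStore()
    browser_a = {"remember": store.issue("alice", now=0)}  # constructed user
    browser_b = {}  # a second browser on the same machine: no cookie
    after_reboot = store.authenticate(browser_a.get("remember"), now=3600)
    other_browser = store.authenticate(browser_b.get("remember"), now=3600)
    store.logout(browser_a["remember"])
    after_logout = store.authenticate(browser_a.get("remember"), now=7200)
    return after_reboot, other_browser, after_logout


if __name__ == "__main__":
    print(demo())
```

The persistent cookie in browser A still matches after a restart, browser B has no cookie to present, and the cookie stops matching once logout clears the server-side token.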

0 votes
Bruno Vincent
Rising Star
December 13, 2017

Hi @Robert G. Nadon,

Alternatively a Windows desktop SSO solution would allow your users to log into Jira without entering a username and password. That would also work in the use cases you mentioned (switching browsers, reboot etc.) so I guess it's worth keeping it in mind.

You might want to take a look at the IWAAC Kerberos SSO plugin.

(Disclaimer: I work for the vendor of that plugin. There are obviously other vendors' plugins on Atlassian Marketplace: https://marketplace.atlassian.com/search?query=kerberos)

Robert G. Nadon
Rising Star
December 13, 2017

Thanks but no thanks. I really was looking for a way to explain to my user that it is not possible. Not make it possible. Personally, I do not feel logging in is that much of a hassle. Thanks for the info though, if I ever switch positions and the company asks for me to find a way to remove the login procedure I will keep your plugin in mind.
