Hi all,
I know that this is the way it has always been, but I have a user asking if there is a way to have Jira cache use log in information and therefore when switching browsers, or rebooting it maintains the log in status, and does not force a new login.
Thanks,
Robert
Hello,
When a user logs in to JIRA, they have the option of making JIRA remember their login information by selecting the 'Remember my login' checkbox before they click the 'Log In' button. When they do that, a 'Remember my login' token is stored by the JIRA server and a cookie containing this token is set in the user's browser.
I do not think it will work for different browsers but it should work for rebooting.
It bases the login on browser held information. It would be an easy attack vector if you did a "remember and allow login in a different browser"
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Actually I do not believe it works for either nor should it as the cache should be cleaned out upon reboot. Jira cannot just have a token saying this user is logged in and let any access just go through. That would be a major security hole. Thanks.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You can read more here
https://confluence.atlassian.com/adminjiraserver071/prevent-automatic-login-802592330.html
A user who revisits JIRA from the same computer and browser, will automatically be logged in if JIRA detects that one of the user's 'Remember my login' tokens has a matching token contained in one of the browser's cookies. If the user logs out of JIRA, the 'Remember my login' token is cleared from the JIRA server.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Robert G. Nadon,
Alternatively a Windows desktop SSO solution would allow your users to log into Jira without entering a username and password. That would also work in the use cases you mentioned (switching browsers, reboot etc.) so I guess it's worth keeping it in mind.
You might want to take a look at the IWAAC Kerberos SSO plugin.
(Disclaimer: I work for the vendor of that plugin. There are obviously other vendors' plugins on Atlassian Marketplace: https://marketplace.atlassian.com/search?query=kerberos)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks but no thanks. I really was looking for a way to explain to my user that it is not possible. Not make it possible. Personally, I do not feel logging in is that much of a hassle. Thanks for the info though, if I ever switch positions and the company asks for me to find a way to remove the login procedure I will keep your plugin in mind.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.