Am I the only one confused by the new Remember Me functionality?

If you actually log out of the application (which we often are requested in terms of working with applications and having clean sessions), the message says that the Remember Me option is cleared. Why is Remember Me tied to logout?

In my experience, Remember Me means when i go to the login, my credentials are populated, but I log in. It doesn't tie to log out. I log out and when I go back to the login, it should know my credentials and allow me to click login.

This is how it used to work a few weeks bug (not a new bug); but Monday's release changed the overall logic - am I mistaken or is this the behavior typically experienced by others using Remember Me logic?

2 answers

There are two ways to look at the remember my login. One way is the way you thought about it related to the login.

The other way it is tied to the logout. Your encrypted credentials are remembered if you close the browser. When you reopen the browser, those encrypted credentials are used again. When you logout, you are stating explicitly you want your encrypted credentials removed.

If it is only tied to the login, it is alittle harder to get your encrypted credentials removed. In that case you need to clear your cookie cache or have some other functionality built into the application.

if you tie the remember me to login , then when someone else uses your account, they will not be prompted to login, even if you logged out.

So, it is slightly more secure having the remember me tied to logout than login since the next person will be prompted to login if you did logout.

0 votes

The Remember Me feature in OnDemand means that you don't need to login (see the login form) everytime your Application Session times out, so it will allow the system to 'know' that your browser is already authenticated after you turn off your machine and come back after a weekend for example.

When you log out it will clear all Remember Me cookies on the server, so even if you have a cookie on your browser it will fail to a authenticate and ask again for your credentials.

Please don't confuse this feature with the 'Save Credentials/Passwords' that is offered by your browser, as that will store the credentials only on the client side, avoiding you having to remember the actual credentials everytime.

We have a bug that is going to be fixed next Monday that makes the 'Remember Me' function to misbehave when the user is using a mobile device that changes it's IP address over time, so you end up beeing logged off everytime a IP address change happens.

As a last note this feature should not be used in public/shared computers as it would allow someone to impersonated your account.

Actually, I see what you are calling a bug (remember me per ip address) is a good security feature verses a bug especially for mobile devices. Yes, you should be able override this behavior or be able to configure legal domains (plural is important) that will not be challenged. As an example of this type of behavior is Bank of America challenges a login if it came from a different ip address (ie it was not seen before). It really depends if your requirement is for security or convenience.

I'm going to close the ticket as I still think it's confusing. I've gone to several other hosted applications and remember me is used to remember your credentials and password. You still login, but it helps to remember the credentials. And, most have this as a default and you check a box if you don't want your credentials remembered. And logoff is just that -- it ends your session -- it doesn't reset how you want your login preferences to be set -- those are done at login.

The goal is to still have a login, but have one click to access vs typing in your username and password.

And, since that was my experience with many other hosted applications, including many that you probably use as well (just go look at your email if you use an email service), Quickbooks, online banking, brokerage accounts, etc. I would have expected OnDemand to work as most others to provide that consistency that users have come to expect.

So, I just have to explain to my users that Atlassian doesn't work the same way. It's different. But, it's frustrating that, although there is no 'standard', that the PMs don't consider how most other apps behave to make it less confusing.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

812 views 3 9
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you