This page last changed on Jul 23, 2008 by rbattaglin.

Confluence uses Seraph, an open source framework, for HTTP cookie authentication.

Cookies

Confluence uses two cookies. The first, a JSESSIONID cookie, is created by the Application Server and used for session tracking purposes. The second, the 'Remember my login on this computer' cookie, is generated by Confluence when the user selects the check-box on the log-in page.


 

Safe Information Transit

The cookie information is always encoded by the server before it is given to a client. A cookie that has been tampered with will be considered to be not valid.

Session and Cookie Logic

Essentially, the cookie contains a reversible hash of the username and a one-way hash of the user's password. The password is necessary to ensure that the cookie is no longer valid if the user changes their password. The username must be retrievable by the server to identify the user solely from the cookie, which is what the 'Remember my login on this computer' feature does.

Is it Possible to Disable the 'Remember my login on this computer' Feature?

At the moment there is no available option for disabling "Remember My Login on this computer" feature via the Admin console. See the workaround here.

The user login Auto Completion functionality is a browser feature, and there is nothing Confluence can enable or disable.

RELATED TOPICS
View File Macro
HTML Macro
Edit in Word Link Macro
Confluence Security Advisory 2006-01-23
Hiding the People Directory
Space Permissions Overview
Confluence Cookies
How do I tell if a user has permission to...?
Assigning Space Permissions
Revoking Space Permissions
Security Overview
Confluence Permissions Architecture
Anti-XSS documentation
Confluence Security


Document generated by Confluence on Dec 03, 2008 15:04