This page last changed on Apr 20, 2010 by smaddox.

Confluence uses Seraph, an open source framework, for HTTP cookie authentication.

Cookies

Confluence uses two cookies. The first, a JSESSIONID cookie, is created by the Application Server and used for session tracking purposes. The second, the 'Remember my login on this computer' cookie, is generated by Confluence when the user selects the check-box on the login page.

You can read about cookies on the Wikipedia page.


 

Safe Information Transit

The cookie information is always encoded by the server before it is given to a client. A cookie that has been tampered with is treated as invalid.

Session and Cookie Logic

Essentially, the cookie contains the encrypted username and the user's password. To be more precise, Confluence uses PBE (password-based encryption) with MD5 and DES, where the password (also known as the 'private key') is configurable in the seraph-config.xml file. The user's password is included in the cookie so that the cookie stops being valid when the user changes their password. The username must be retrievable by the server so that it can identify the user solely from the cookie, which is what the 'Remember my login on this computer' feature does.

The private key for Confluence is stored at confluence-install/confluence/WEB-INF/Classes/seraph-config.xml in the cookie.encoding parameter. Please change this to something other than the default.
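
An added example, not part of the original page or Confluence's own code: a Python check that reads seraph-config.xml and reports whether cookie.encoding is missing, empty, short, or still a shipped default. The init-param/param-name/param-value layout, the placeholder default value and the 16-character minimum are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the init-param layout assumed for seraph-config.xml.
SAMPLE_CONFIG = """<security-config>
  <parameters>
    <init-param>
      <param-name>login.url</param-name>
      <param-value>/login.action</param-value>
    </init-param>
    <init-param>
      <param-name>cookie.encoding</param-name>
      <param-value>PLACEHOLDER-SHIPPED-DEFAULT</param-value>
    </init-param>
  </parameters>
</security-config>"""

# Placeholder: replace with the value shipped in your Confluence release.
KNOWN_DEFAULTS = {"PLACEHOLDER-SHIPPED-DEFAULT"}
MIN_LENGTH = 16  # assumed local policy, not a Confluence requirement


def read_cookie_encoding(xml_text):
    """Return the cookie.encoding value, or None if the parameter is absent."""
    root = ET.fromstring(xml_text)
    for param in root.iter("init-param"):
        if (param.findtext("param-name") or "").strip() == "cookie.encoding":
            return (param.findtext("param-value") or "").strip()
    return None


def audit_cookie_encoding(xml_text, known_defaults=KNOWN_DEFAULTS):
    """Return findings as strings; an empty list means every check passed.

    The key itself is never included in a finding, so output is safe to log.
    """
    value = read_cookie_encoding(xml_text)
    if value is None:
        return ["cookie.encoding is not set in this file"]
    findings = []
    if not value:
        findings.append("cookie.encoding is empty")
    if value in known_defaults:
        findings.append("cookie.encoding still holds a shipped default")
    if 0 < len(value) < MIN_LENGTH:
        findings.append(f"cookie.encoding is shorter than {MIN_LENGTH} characters")
    return findings


if __name__ == "__main__":
    for finding in audit_cookie_encoding(SAMPLE_CONFIG) or ["cookie.encoding OK"]:
        print(finding)
```

To audit a real installation, pass the contents of its seraph-config.xml to audit_cookie_encoding instead of the constructed sample.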

Is it Possible to Disable the 'Remember my login on this computer' Feature?

At the moment there is no option for disabling the 'Remember my login on this computer' feature via the Admin console. See the workaround here.

The user login Auto Completion functionality is a browser feature, so there is nothing Confluence can enable or disable.



Document generated by Confluence on Jul 09, 2010 01:08