Confluence 4.0 : Confluence Cookies
This page last changed on Oct 11, 2010 by smaddox.
Confluence uses Seraph, an open source framework, for HTTP cookie authentication. CookiesConfluence uses two cookies:
The 'Remember Me' CookieThe 'remember me' cookie is a long-lived HTTP cookie. This cookie can be used to authenticate an unauthenticated session. Confluence generates this cookie when the user selects the 'Remember me' checkbox on the login page. Cookie Key and ValueBy default, the cookie key is The cookie contains a unique identifier plus a securely-generated random string. Use of Cookie for AuthenticationWhen a user requests a web page, if the request is not already authenticated via session-based authentication or otherwise, Confluence will match the 'remember me' cookie (if present) against the token stored for the user in the Confluence database (if present). If the random string matches the value stored in the database and the cookie has not expired, the user is authenticated. Life of 'Remember Me' CookiesYou can configure the maximum age of the cookie. To do that you will need to modify the <init-param> <param-name>autologin.cookie.age</param-name> <param-value>2592000</param-value><!-- 30 days in seconds --> </init-param> Automatic Cleanup of 'Remember Me' TokensEvery cookie issued by Confluence has a corresponding record in the database. A scheduled job runs on 20th of every month to clean up expired tokens. The name of the trigger is Note: The only purpose of this job is to prevent the database table from growing too big. For authentication purposes, Confluence will ignore expired tokens even if they still exist in the database. Is it Possible to Disable the 'Remember Me' Feature?Confluence does not offer an option for disabling the 'Remember Me' feature. See the workaround. Notes
RELATED TOPICS |
![]() |
Document generated by Confluence on Sep 19, 2011 02:40 |