This page last changed on Oct 11, 2010 by ggaskell.

On this page:

Introduction

When a user logs in to a JIRA site, they have the option of making JIRA remember their login on a specific computer and browser, by selecting the 'Remember my login...' check box before they click the 'Log In' button. Upon doing so, a 'Remember my login' token is stored by the JIRA server and a cookie containing this token is set in the user's browser.

A user who revisits a JIRA site from the same computer and browser, will automatically be logged in if JIRA detects that one of the user's 'Remember my login' tokens has a matching token contained in one of that browser's cookies. If the user logs out of JIRA, the 'Remember my login' token (which matches the relevant browser cookie) is cleared from the JIRA server.

To maximise and maintain the security of your JIRA site, JIRA provides features for:

  • clearing 'Remember my login' tokens associated with individual user accounts and
  • clearing all 'Remember my login' tokens stored by your JIRA site.

These features are especially useful in situations where users have been accessing your JIRA site in a public environment, selected the 'Remember by login...' check box before logging in, but have forgotten to log out.

If you are a JIRA administrator who wishes to disable this feature from your JIRA site, please refer to Disabling Remember My Login on this Computer.

Clearing 'Remember my login' Tokens from a User Profile

A JIRA user can clear all of their own 'Remember my login' tokens from JIRA through their user profile. To do this:

  1. Visit your User Profile.
  2. In the Details section, click the 'Clear All Tokens' link. The Remember my login message box appears.
    Screenshot: 'Remember my login' message box
  3. Click the 'Clear All Tokens' button. All tokens associated with your user account will be removed from the JIRA server.

Clearing a User's 'Remember my login' Tokens from the Administration Console

JIRA administrators can clear all 'Remember my login' tokens associated with any user's account through the JIRA administration console. To do this:

  1. Log in as a user with the JIRA Administrators global permission.
  2. Bring up the administration page by clicking either the 'Administration' link on the top bar or the title of the Administration box on the dashboard.
  3. Click 'User Browser' from the Users, Groups & Roles section of the administration menu. This displays the User Browser.
  4. Click the Username or Email Address of the user whose 'Remember my login' tokens you wish to remove. Details about that user and their login information is displayed.
    To restrict the list of users shown in the User Browser, use the Filter form at the top of the User Browser. Specifying (part of) the user's email and/or group, then clicking the 'Filter' button, will reduce the list to only those users who match those criteria.
  5. Click the 'Remember My Login' link to display that user's Remember My Login page.
    Screenshot: 'Remember My Login' link on the User Administration Page

    Screenshot: A User's 'Remember My Login' Page
  6. Click the 'Clear All' button to remove all 'Remember my login' tokens associated with this user account from the JIRA server.

Clearing all 'Remember my login' Tokens from the JIRA site

JIRA administrators can also clear all 'Remember my login' tokens from their JIRA site through JIRA's administration console. To do this:

  1. Log in as a user with the JIRA Administrators global permission.
  2. Bring up the administration page by clicking either the 'Administration' link on the top bar or the title of the Administration box on the dashboard.
  3. Click 'Remember My Login' from the System section of the administration menu. This displays the Remember My Login for All Users page.
    Screenshot: The 'Remember My Login for All Users' Page
  4. Click the 'Clear All' button to remove all 'Remember my login' tokens from the JIRA server.

Document generated by Confluence on Mar 27, 2011 18:32