Loading...

XML

Word

Printable

Type: Suggestion
Resolution: Fixed
Component/s: None
Labels:
None

OpenID has remember me support:

http://wiki.openid.net/Relying-Party-Best-Practices#StoreprimaryOpenIDinacookieandcheckimmediateatnextsession

This is done using checkid_immediate indirect authentication requests:

http://openid.net/specs/openid-authentication-2_0.html#anchor28

Basically, this is how it would work:

When a user logs into Studio via Google, their OpenID is set in a persistent cookie on Studio.
When that user returns to Studio, either after closing their browser or after their Crowd token had expired, Studio checks for that cookie.
If the cookie exists, the user is redirected to Google with the mode set to checkid_immediate. This tells Google not to supply the user with an authentication screen if they aren't logged in, rather, it will send them back to Studio with a unsuccessful response.
If unsuccessful, Studio clears the persistent cookie, and the user is not logged in.

The effect of the above is that if a user has clicked remember me on Google and has logged into Studio before on the browser, they will be automatically logged into Studio when they return after session expiry.

is duplicated by

CLOUD-3811 As a user logged into Google Apps, I would like to access Studio without clicking 'Log in again'

Closed

CLOUD-4328 As a google apps user, I want to remain logged into JIRA as long as I am logged in into google apps.

Closed

relates to

CLOUD-2318 Frequent timeouts in Google Apps-integrated Studios due to no "Remember me" cookie

Closed

Assignee:: Unassigned
Reporter:: James Roper [Atlassian]
Votes:: 9 Vote for this issue
Watchers:: 7 Start watching this issue

Created:: 26/Jul/2010 12:41 AM
Updated:: 20/Sep/2019 1:45 AM
Resolved:: 30/May/2012 5:39 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates