Make the 'remember me' feature configurable


      Issue Summary

      The 'remember me' checkbox is hidden and automatically checked on a DC cluster. By default the user gets a 2-week session, even on an untrusted device. It would be nice to allow admins to enforce, show or disable the 'remember me' feature.

      Steps to Reproduce

      1. Set up a Confluence DC cluster
      2. Go to the login form

      Expected Results

      The user should be able to choose a short session on a public machine.

      Actual Results

      The 'remember me' checkbox is hidden and automatically checked.

      Workaround

      Enforce and hide 'remember me':

      This behaviour is enforced on a DC cluster. End users by default have a shared Seraph long session between nodes.

      1. Stop Confluence
      2. Go to Confluence installation directory
      3. Locate the <CONFLUENCE-INSTALLATION>/confluence/login.vm file and make a backup copy
      4. Edit the file
      5. Locate the following section of code:
        #if ($action.shouldRememberMeCheckboxBeOmitted())
            <input type="hidden" name="os_cookie" value="true"/>
        #else
            #bodytag( "Component" "label='remember.accesskey'" "name='os_cookie'" "value='false'" "theme='aui'" "template='onofflist.vm'") #end
        #end
        
      6. Modify the above code as follows:
        <input type="hidden" name="os_cookie" value="true"/>

      7. Save the file and restart Confluence
      8. Repeat the above steps each time you install a new version of Confluence

      Show 'remember me':

      This is the default behaviour in a non-clustered instance. It allows the end user to choose between a Tomcat short session and a Seraph long session, but the user may need to log in again when hitting a new node.

      Disable and hide 'remember me':

      Disable the automatic 'remember me' on DC clusters. This allows the end user to decide to have a Tomcat short session or Seraph long session, but the user may need to log in again on a new node.

      1. Stop Confluence
      2. Go to Confluence installation directory
      3. Locate the <CONFLUENCE-INSTALLATION>/confluence/login.vm file and make a backup copy
      4. Edit the file
      5. Locate the following section of code:
        #if ($action.shouldRememberMeCheckboxBeOmitted())
            <input type="hidden" name="os_cookie" value="true"/>
        #else
            #bodytag( "Component" "label='remember.accesskey'" "name='os_cookie'" "value='false'" "theme='aui'" "template='onofflist.vm'") #end
        #end
        
      6. Modify the above code as follows:
        <input type="hidden" name="os_cookie" value="false"/>

      7. Save the file and restart Confluence
      8. Repeat the above steps each time you install a new version of Confluence

      Note: 

      Bitbucket Server has already implemented this: https://confluence.atlassian.com/bitbucketserver/configuration-properties-776640155.html

      Controls whether remember-me authentication is disabled, always performed or only performed when a checkbox is checked on the login form. The 'Remember my login' checkbox is only displayed when set to 'optional'. Possible values are:

      • always: No checkbox, remember-me cookie is always generated on successful login.
      • optional: Checkbox is displayed on login form. Remember-me cookie is only generated when checkbox is checked.
      • never: Remember-me authentication is disabled completely.
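
Because the login.vm workarounds above have to be reapplied after every upgrade, a post-upgrade check is useful. The following shell script is an added example, not part of the original issue and not Atlassian code; it classifies a login.vm by how it sets os_cookie. The function names and the constructed sample template are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Atlassian code): classify how login.vm sets os_cookie.
# Prints one of: default | enforced | disabled | unknown

remember_me_mode() {
    [ -r "$1" ] || { echo unknown; return 0; }
    # Drop Velocity line comments (##) so a commented-out copy of the stock
    # block is not read as live template code. Block comments are not handled.
    live=$(grep -v '^[[:space:]]*##' "$1" || true)
    # Stock template: Confluence decides at render time whether to show the box.
    if printf '%s\n' "$live" | grep -q 'shouldRememberMeCheckboxBeOmitted'; then
        echo default; return 0
    fi
    # Both workarounds leave exactly one hidden os_cookie input, with the
    # attribute order used on this page (type, name, value).
    hidden=$(printf '%s\n' "$live" |
        grep -E '<input[^>]*type="hidden"[^>]*name="os_cookie"' || true)
    count=$(printf '%s\n' "$hidden" | grep -c . || true)
    [ "$count" -eq 1 ] || { echo unknown; return 0; }
    case $hidden in
        *'value="true"'*)  echo enforced ;;
        *'value="false"'*) echo disabled ;;
        *)                 echo unknown ;;
    esac
}

# Returns 0 only if the template is in the mode the admin intended, so it can
# gate a post-upgrade checklist. Usage: check_login_vm disabled /path/login.vm
check_login_vm() {
    actual=$(remember_me_mode "$2")
    [ "$actual" = "$1" ] && return 0
    echo "login.vm remember-me mode is '$actual', expected '$1'" >&2
    return 1
}

# Constructed sample: an upgrade has restored the stock template.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '#if ($action.shouldRememberMeCheckboxBeOmitted())' \
        '    <input type="hidden" name="os_cookie" value="true"/>' \
        '#else' '    ...' '#end' > "$tmp/login.vm"
    check_login_vm disabled "$tmp/login.vm" || echo "workaround must be reapplied"
    rm -rf "$tmp"
}

if [ "$#" -eq 2 ]; then check_login_vm "$1" "$2"; else demo; fi
```
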

            Assignee: Unassigned
            Reporter: Zac Xu
            Votes: 22
            Watchers: 18