Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-694

Have JIRA delete cookie when user authentication fails

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Fixed
    • 1.4
    • None
    • JIRA 1.3.3, Resin, Novell NDS.
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      I would like to suggest that if JIRA loads the user details (id and password) from a cookie and attempts to authenticate and fails then JIRA should delete the cookie.

      The logic behind this is:
      We are using LDAP for authentication to Novell's NDS and if a user gets JIRA to remember their id and password (by saving a cookie). When the user changes their NDS password (as it expires every 20 days) and the user then attempts to get into JIRA. JIRA will load the cookie with the old password and lock the user's NDS account dur to too many failed login attemtps.

      With the suggested change there would be only one failed login attempt and the user would be promoted to login which they would be able to do with their new password.

      Greg.

      Attachments

        Activity

          People

            mike@atlassian.com Mike Cannon-Brookes
            06dbb20c64ad Greg Perrott
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: