How to configure the 'Remember Me' feature in Confluence
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Code Changes Required
This configuration requires changing the Confluence code in your installation. You will need to reapply these changes whenever you upgrade Confluence. Proceed with caution.
Purpose
The Confluence Administration Console does not provide an option for disabling the 'Remember Me' feature. There is a feature request for this capability CONFSERVER-66598 Make the 'remember me' feature configurable.
As a workaround, you can modify the Velocity file login.vm as described below.
Solution
Non clustered (single node)
The steps required are as follows:You should NOT see any cookie with the name: seraph.confluence
- Stop Confluence
- Go to your Confluence installation directory
- Locate the
<CONFLUENCE-INSTALLATION>/confluence/login.vmfile and make a backup copy - Edit the file
Locate the following line of code:
#bodytag( "Component" "label='remember.accesskey'" "name='os_cookie'" "value='false'" "theme='aui'" "template='onofflist.vm'") #endComment out the line so that it looks like this (note the extra '#' character in front):
##bodytag( "Component" "label='remember.accesskey'" "name='os_cookie'" "value='false'" "theme='aui'" "template='onofflist.vm'") #end- Save the file and restart Confluence
- Repeat the above steps each time you install a new version of Confluence.
Clustered
In Confluence Data Center, we enforce the Remember Me setting silently in order to account for inconsistencies in the session affinity between cluster nodes.
To show the 'Remember me' checkbox:
- Stop Confluence.
- Set the
cluster.login.rememberme.enabledsystem property totrue. - Restart Confluence.
To disable the 'Remember me' feature:
- Stop Confluence.
- Go to Confluence installation directory.
- Locate the
<CONFLUENCE-INSTALLATION>/confluence/login.vmfile and make a backup copy. - Edit the file.
Locate the following section of code:
#if ($action.shouldRememberMeCheckboxBeOmitted()) <input type="hidden" name="os_cookie" value="true"/> #else #bodytag( "Component" "label='remember.accesskey'" "name='os_cookie'" "value='false'" "theme='aui'" "template='onofflist.vm'") #end #endand change the 'Remember me' cookie value to
falseas follows.<input type="hidden" name="os_cookie" value="false"/>Save the file and restart Confluence.
- Repeat the above steps for each cluster node.
You'll need to make these modifications each time you upgrade to a new version of Confluence.
Verify the Fix
In order to verify if your changes were applied, you will need to do the following:
- Log out of your current session
- After you open Confluence and login, check your browser cookies
- If you disabled 'remember me', you should NOT see any cookie with the name:
seraph.confluence
Known Issues
On Confluence 8.0, changes were introduced to the login.vm file:
#if ($action.shouldRememberMeCheckboxBeOmitted())
<input type="hidden" name="os_cookie" value="true"/>
#else
#scomponent("label='remember.accesskey'" "name='os_cookie'" "value='false'" "theme='aui'" "template='onofflist.vm'")
#end
#endPlease note that the workaround suggested will not work on this version.
See also
- Confluence Cookies
- HTTP authentication with Seraph
- HTTP Cookie - Wikipedia
- How to adjust the session timeout for Confluence