How to configure the 'Remember Me' feature in Confluence
Code Changes Required
This configuration requires changing the Confluence code in your installation. You will need to reapply these changes whenever you upgrade Confluence. Proceed with caution.
Purpose
The Confluence Administration Console does not provide an option for disabling the 'Remember Me' feature. There is a feature request for this capability CONFSERVER-66598 - Getting issue details... STATUS .
As a workaround, you can modify the Velocity file login.vm
as described below.
Solution
Non clustered (single node)
The steps required are as follows:You should NOT see any cookie with the name: seraph.confluence
- Stop Confluence
- Go to your Confluence installation directory
- Locate the
<CONFLUENCE-INSTALLATION>/confluence/login.vm
file and make a backup copy - Edit the file
Locate the following line of code:
#bodytag( "Component" "label='remember.accesskey'" "name='os_cookie'" "value='false'" "theme='aui'" "template='onofflist.vm'") #end
Comment out the line so that it looks like this (note the extra '#' character in front):
##bodytag( "Component" "label='remember.accesskey'" "name='os_cookie'" "value='false'" "theme='aui'" "template='onofflist.vm'") #end
- Save the file and restart Confluence
- Repeat the above steps each time you install a new version of Confluence.
Clustered
In Confluence Data Center, we enforce the Remember Me setting silently in order to account for inconsistencies in the session affinity between cluster nodes.
To show the 'Remember me' checkbox:
- Stop Confluence.
- Set the
cluster.login.rememberme.enabled
system property totrue
. - Restart Confluence.
To disable the 'Remember me' feature:
- Stop Confluence.
- Go to Confluence installation directory.
- Locate the
<CONFLUENCE-INSTALLATION>/confluence/login.vm
file and make a backup copy. - Edit the file.
Locate the following section of code:
#if ($action.shouldRememberMeCheckboxBeOmitted()) <input type="hidden" name="os_cookie" value="true"/> #else #bodytag( "Component" "label='remember.accesskey'" "name='os_cookie'" "value='false'" "theme='aui'" "template='onofflist.vm'") #end #end
and change the 'Remember me' cookie value to
false
as follows.<input type="hidden" name="os_cookie" value="false"/>
Save the file and restart Confluence.
- Repeat the above steps for each cluster node.
You'll need to make these modifications each time you upgrade to a new version of Confluence.
Verify the Fix
In order to verify if your changes were applied, you will need to do the following:
- Log out of your current session
- After you open Confluence and login, check your browser cookies
- If you disabled 'remember me', you should NOT see any cookie with the name:
seraph.confluence
Known Issues
On Confluence 8.0, changes were introduced to the login.vm file:
#if ($action.shouldRememberMeCheckboxBeOmitted())
<input type="hidden" name="os_cookie" value="true"/>
#else
#scomponent("label='remember.accesskey'" "name='os_cookie'" "value='false'" "theme='aui'" "template='onofflist.vm'")
#end
#end
Please note that the workaround suggested will not work on this version.
See also
HTTP authentication with Seraph
How to adjust the session timeout for Confluence