You can read about cookies on the Wikipedia page.
Confluence uses Seraph, an open source framework, for HTTP cookie authentication.
Confluence uses two cookies:
seraph.confluence, is generated by Confluence when the user selects the 'Remember me' checkbox on the login page. You can read about cookies on the Wikipedia page.
The 'remember me' cookie is a long-lived HTTP cookie. This cookie can be used to authenticate an unauthenticated session. Confluence generates this cookie when the user selects the 'Remember me' checkbox on the login page.
By default, the cookie key is seraph.confluence. This key is defined in the CONFLUENCE-INSTALLATION/confluence/WEB-INF/classes/seraph-config.xml file, in the login.cookie.key parameter.
The cookie contains a unique identifier plus a securely-generated random string.
When a user requests a web page, if the request is not already authenticated via session-based authentication or otherwise, Confluence will match the 'remember me' cookie (if present) against the token stored for the user in the Confluence database (if present).
ランダムな文字列が、データベースに格納されている値と一致し、クッキーの有効期限が切れていない場合は、ユーザーは認証されます。
cookie には有効期限を設定できます。これを行うには、CONFLUENCE-INSTALLATION/confluence/WEB-INF/classes/seraph-config.xml ファイルを変更し、init-param 要素の下に次の行を挿入します。
<init-param>
<param-name>autologin.cookie.age</param-name>
<param-value>2592000</param-value><!-- 30 days in seconds -->
</init-param>
|
Every cookie issued by Confluence has a corresponding record in the database. A scheduled job runs on 20th of every month to clean up expired tokens. The name of the trigger is clearExpiredRememberMeTokensTrigger.
注意: このジョブの唯一の目的は、データベース テーブルが巨大化するのを防止することです。認証目的については、Confluence は期限切れのトークンがまだデータベースに存在していても無視します。
Confluence does not offer an option for disabling the 'Remember Me' feature. See the workaround.
