Code changed in jenkins
User: Daniel Beck
Path:
core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java
http://jenkins-ci.org/commit/jenkins/2d9dec951ecb91608ae1644e5c988e8e8734d4f0
Log:
JENKINS-15757 Ignore 'remember me' if disabled in configuration
The previous implementation of 'disable remember me' just removes the
checkbox from the UI. Users still can set the parameter using a web
browser extension, or patch the login page using a Greasemonkey script
and keep using the feature. And just after the feature is enabled, users
still might be able to use it if they loaded the login page early.
This change prevents that by checking the current configuration and, if
'remember me' is disabled, ignoring any headers set.
Code changed in jenkins
User: Stephen Connolly
Path:
changelog.html
core/src/main/java/hudson/security/GlobalSecurityConfiguration.java
core/src/main/java/jenkins/model/Jenkins.java
core/src/main/resources/hudson/security/GlobalSecurityConfiguration/help-disableRememberMe.html
core/src/main/resources/hudson/security/GlobalSecurityConfiguration/index.groovy
core/src/main/resources/jenkins/model/Jenkins/login.jelly
http://jenkins-ci.org/commit/jenkins/69ba2b8d6725b365734a1c96a71dcbae21bc3b1e
Log:
[FIXED JENKINS-15757] Disable\Delete "Remember me on this computer" check box in login screen
remember_me cookie on their browser, but this option should cover the 99.9% case.