...
Alternatively, a New JIRA Connection can be configured using WebLogin feature, available in JIRA Client v. 3.8 and later. When this feature is used, a user has an option of not storing any login information passwords locally. Since JIRA Client will be connecting using an embedded Web Browser to JIRA sessions managed by a web browserstart JIRA session, user can choose is required to enter username and password every time when a initial session connection is established. Please In addition to keeping a password from being compromised this method allows to connect to JIRA instances that use complex authentication scenarios, e.g. Single Sign-On. Please keep in mind that if a user will select Remember my login on this computer check box, username and password may be stored by the browser itself. Also, while a session is activewhen a web session is created, browser creates a cookie file, that theoretically is used by the web server to identify the requests and ensure that they belong to the session. Therefore under certain circumstances the cookie may be used to gain unathorized unauthorized access to the current active session.
The behavior of an active web browser JIRA session is controlled determined by the settings of the Tomcat web server that JIRA Server runs on. However, JIRA Client can affect the such behavior of by keeping the web session alive. When JIRA Client is running and if *Automatic Synchronization* is enabled, JIRA Client would be frequently and consistently checking JIRA server for changes, thus keeping the session alive. JIRA Client does not "log out" on it's own while it is running. So while it is running the web session will stay active. Currently there is no way to set a time out and force JIRA Client to log out automatically.
...