Auth: Persist session before refreshing current logged in user #5162

Open
wants to merge 1 commit into
base: main

yhabteab
Member

When using external auth, e.g. NGINX basic auth, it's not possible to use the user's session for NagVis authentication, even though the cookie path is set to /, which allows another Icinga Web instance to access that same cookie. However, as the user's cookie is periodically refreshed, this invalidates the entire session for the third party, resulting in the REMOTE_USER header being empty.

The Application State Controller already does the same thing!

    if ($last + 600 < $now) {
        Session::getSession()->write();
        $params = session_get_cookie_params();

Might fix Icinga/icingaweb2-module-nagvis#35 (I didn't test it as I don't use Apache). Using NGINX works fine though. @slalomsk8er can you please verify this if you are still using Apache and NagVis?

@yhabteab yhabteab requested a review from nilmerg December 13, 2023 12:34
@cla-bot cla-bot bot added the cla/signed label Dec 13, 2023
Successfully merging this pull request may close these issues.

Autologin via Apache results in not authenticated