Auth: Persist session before refreshing current logged in user #5162

yhabteab · 2023-12-13T12:34:05Z

When using external auth, e.g. NGINX basic auth, it's not possible to use the user's session for Nagvis authentication, even though the cookie path is set to /, which allows another Icinga web instance to access that same cookie. However, as the user's cookie is periodically refreshed, this invalidates the entire session for the third party, resulting in the REMOTE_USER header being empty.

The Application State Controller already does the same thing!

icingaweb2/application/controllers/ApplicationStateController.php

Lines 38 to 40 in cd2daeb

    
           if ($last + 600 < $now) { 
        
               Session::getSession()->write(); 
        
               $params = session_get_cookie_params();

Might fix Icinga/icingaweb2-module-nagvis#35 (I didn't test it as I don't use apache). Using NGINX works fine though. @slalomsk8er can you please verify this if you are still using apache and Nagvis.

yhabteab requested a review from nilmerg December 13, 2023 12:34

cla-bot bot added the cla/signed label Dec 13, 2023

Auth: Persist session before refreshing current logged in user

e3a5112

yhabteab force-pushed the fix-shared-cookie branch from d506d71 to e3a5112 Compare December 13, 2023 12:38

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Auth: Persist session before refreshing current logged in user #5162

Auth: Persist session before refreshing current logged in user #5162

yhabteab commented Dec 13, 2023

	if ($last + 600 < $now) {
	Session::getSession()->write();
	$params = session_get_cookie_params();

Auth: Persist session before refreshing current logged in user #5162

Are you sure you want to change the base?

Auth: Persist session before refreshing current logged in user #5162

Conversation

yhabteab commented Dec 13, 2023