Hi
I've found an issue that involves Nagios XI servers that can be accessed over both HTTP and HTTPS. After logging into the HTTPS interface, It basically renders the HTTP interface unusable (you can't log in).
Steps to reproduce:
- Login to a Nagios XI using HTTPS (for instance https://nagiosxi.demos.nagios.com/nagiosxi , ignore the certificate errors)
- Attempt to log in again, but using HTTP (for instance http://nagiosxi.demos.nagios.com/nagiosxi )
Result: "NSP: Sorry Dave, I can't let you do that" when attemping to log in. Even after logging out of the https interface the issue persists.
Workaround: Manually delete the cookie for the respective domain and log in again.
Tested with Chrome Latest (68.0.3440.106), and Firefox latest, doesn't seem to happen with IE.
I'm not sure if it only happens because of the invalid certificate.
Thanks, Gonzalo
HTTP/HTTPS Cookie sharing issue
-
- Support Tech
- Posts: 3457
- Joined: Mon May 15, 2017 5:00 pm
Re: HTTP/HTTPS Cookie sharing issue
Hello, @gzaloprgm! I could recreate this behavior and I passed the information over to the QA and dev teams. We will look further into this and file a bug report. Let me know if you have any other questions so far? Thanks!
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.