Page 1 of 1

HTTP/HTTPS Cookie sharing issue

Posted: Fri Aug 10, 2018 2:22 pm
by gzaloprgm
Hi
I've found an issue that involves Nagios XI servers that can be accessed over both HTTP and HTTPS. After logging into the HTTPS interface, It basically renders the HTTP interface unusable (you can't log in).

Steps to reproduce:
- Login to a Nagios XI using HTTPS (for instance https://nagiosxi.demos.nagios.com/nagiosxi , ignore the certificate errors)
- Attempt to log in again, but using HTTP (for instance http://nagiosxi.demos.nagios.com/nagiosxi )
Result: "NSP: Sorry Dave, I can't let you do that" when attemping to log in. Even after logging out of the https interface the issue persists.

Workaround: Manually delete the cookie for the respective domain and log in again.
Tested with Chrome Latest (68.0.3440.106), and Firefox latest, doesn't seem to happen with IE.

I'm not sure if it only happens because of the invalid certificate.

Thanks, Gonzalo

Re: HTTP/HTTPS Cookie sharing issue

Posted: Fri Aug 10, 2018 4:21 pm
by npolovenko
Hello, @gzaloprgm! I could recreate this behavior and I passed the information over to the QA and dev teams. We will look further into this and file a bug report. Let me know if you have any other questions so far? Thanks!