HTTP/HTTPS Cookie sharing issue

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
gzaloprgm
Posts: 33
Joined: Mon Aug 06, 2018 8:46 am
Contact:
Contact gzaloprgm

HTTP/HTTPS Cookie sharing issue

Post by gzaloprgm »

Hi
I've found an issue that involves Nagios XI servers that can be accessed over both HTTP and HTTPS. After logging into the HTTPS interface, It basically renders the HTTP interface unusable (you can't log in).

Steps to reproduce:
- Login to a Nagios XI using HTTPS (for instance https://nagiosxi.demos.nagios.com/nagiosxi , ignore the certificate errors)
- Attempt to log in again, but using HTTP (for instance http://nagiosxi.demos.nagios.com/nagiosxi )
Result: "NSP: Sorry Dave, I can't let you do that" when attemping to log in. Even after logging out of the https interface the issue persists.

Workaround: Manually delete the cookie for the respective domain and log in again.
Tested with Chrome Latest (68.0.3440.106), and Firefox latest, doesn't seem to happen with IE.

I'm not sure if it only happens because of the invalid certificate.

Thanks, Gonzalo
Top
npolovenko
Support Tech
Posts: 3457
Joined: Mon May 15, 2017 5:00 pm

Re: HTTP/HTTPS Cookie sharing issue

Post by npolovenko »

Hello, @gzaloprgm! I could recreate this behavior and I passed the information over to the QA and dev teams. We will look further into this and file a bug report. Let me know if you have any other questions so far? Thanks!
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Top
Locked

Return to “Nagios XI”