fusion mutliple sessions

[MichielvM]

I'm seeing some weird behaviour when logging into Fusion with more than one session.
I've tested it with Firefox, IE and Chrome. Similar behaviour.

I logon as User1, open a new tab as User2, and a third tab as User3. I switch to Views on all three tabs.
At first it looks normal. But after a few seconds this happens:
- UserX gets views from UserY or UserZ. Random.
- UserX suddenly shows logged in as UserY or UserZ, or all tabs show UserX. Again random.

It's a bit difficult to describe as this behaviour is random and unpredictable..
I can't find any reference on the internet, and using three browsers, leads me to believe that the cause lies within Nagios Session management.

Note; I also had an interesting issue from one of my users. He used his own user account and ended up logged in as Nagiosadmin.

[lmiltchev]

I'm seeing some weird behaviour when logging into Fusion with more than one session.

Just to clarify... When you open your three tabs in a browser, are you logged in as User1, 2 & 3 into Fusion or you are logged in as User1, 2 & 3 into Nagios XI through Fusion (by clicking on a link to drill down to a host/service)?

[MichielvM]

I have 3 separate fusion sessions. Just to be on the safe said I cleared my browser cache, although I tested it with other browsers (IE/Chrome) and got the same behaviour.
This is a serious issue for us, as we cannot expect our engineers to 'manually' check for problems every 5 minutes.

[sreinhardt]

This is not possible. Your browser will only use one active session at a time. If you log in to one tab, then proceed to login with another tab, it will overwrite the previous session within your browser. The only way to do this would be to use three separate computers or three separate browsers, neither of which fusion should have any issue with. This is how every site that uses sessions will work, it will always overwrite the cookie with the latest login session. Again, if they are on separate computers there should be absolutely no issue here.

[MichielvM]

A user with limited access logged in on his own desktop and got my nagiosadmin session.
Haven't been able to reproduce it, but it did happen.

[tmcdonald]

A user with limited access logged in on his own desktop and got my nagiosadmin session.
Haven't been able to reproduce it, but it did happen.

Can you give us as much detail as you can as to how this happened? Steps taken, the order in which they happened, anything notable about the sessions? If we can't reproduce this on our end it will be extremely hard to find a cause, let-alone fix it.

[MichielvM]

I'm aware of that. I have asked my colleague to keep an eye on it. As soon as -or better IF- it happens again, I'll try to get more data.
For now I can only describe it as in my previous post.

He was logged on to fusion with a simple user account, I was logged in as nagiosadmin. Separate machines ofcourse.
After a short time (<1minute) he noticed "Logged in as: nagiosadmin" in upper right corner.
I have never used this account on his desktop, neither does he know the password for it.
I did create all user accounts on my desktop, if that's any help.

[lmiltchev]

I haven't been able to recreate the issue. I created a new user (non-admin) on my test Fusion box, and logged in as this user in a different browser (Chrome) on the same machine, while I was logged in as "nagiosadmin" in Nagios Fusion in Firefox. I've waited for at least 30 min but the username in the upper right corner never changed to "nagiosadmin"...

I will leave the topic unlocked in case you are able to recreate the issue or have some new info for us.

[MichielvM]

This is startting to get a bit annoying.
We have several low-permission users clicking on fusion links and automatically getting logged on as nagiosadmin.
Copy/pasting the urls into a browser has the same result.
These links have never been opened on their desktops before, so cached credentials seems to be out of the question.
There is no difference between Internet Explorer and Firefox.
We have one fusion (1.7) and 28 XI servers (mostly 2.5 and a few 2.9)

We have this unconfirmed feeling that it occurs when somewere, someone is logged into fusion as nagiosadmin.
This would explain that the 'hijacked' account is always Nagiosadmin. I have not seen it hijack another admin account.
To avoid this, the admins are given personal accounts and are stressed to use this and only this personal account.
Keep you posted how this works out.

[sreinhardt]

If I am reading this correctly you are saying that when a user clicks a link in fusion, that should drill into and XI system, they are logged in as nagiosadmin, correct? Are you also using the nagiosadmin account, as the account that fusion uses to collect data and communicate with those XI systems? If so I believe we are discussing a known issue, that is presently being worked on by the devs. If not please correct my logic here, i certainly could have missed something.