Upgrade 1.4.2 from 1.4.1 broke my clustered WebUI token

[tylerhoadley]

I just performed the upgrade from 1.4.1 to 1.4.2 and am having the same issue as this thread https://support.nagios.com/forum/viewto ... en#p191022

was this issue resolved with this user?

going through my LB via firefox gets me in, but kicks me if I click any link, chrome doesn't work at all. API queries are still working (good thing for NagiosXI checks)

if I hit each web server directly, I can get in as well.

any help or pointers to look at would be appreciated.

[tylerhoadley]

As a temporary fix, I have changed one server to be a backup (failover) server in my list so that traffic only flows through the first one. round-robin is basically disabled until this is corrected.

[hsmith]

This remote was resolved by making sure the session key matched on all instances in /var/www/html/nagioslogserver/application/config/config.local.php. It's kind of a workaround, but if you're using an RRDNS setup it might be necessary. I'll talk to the developer team and see what a better method for XSS protection is.

[tylerhoadley]

Thanks for the info.

I have matched the config directives from server1 to server2 and reloaded server2 httpd service. Then removed the backup flag in my nginx server list. This seems to have resolved my issue.

thanks for the quick response

Code: Select all

$config['encryption_key'] = 'UNIQUE_KEY';

[rkennedy]

Great to hear! Are we good to mark this one as resolved?

[tylerhoadley]

Resolved.