Page 1 of 1
Upgrade 1.4.2 from 1.4.1 broke my clustered WebUI token
Posted: Wed Aug 03, 2016 8:48 am
by tylerhoadley
I just performed the upgrade from 1.4.1 to 1.4.2 and am having the same issue as this thread
https://support.nagios.com/forum/viewto ... en#p191022
was this issue resolved with this user?
going through my LB via firefox gets me in, but kicks me if I click any link, chrome doesn't work at all. API queries are still working (good thing for NagiosXI checks)
if I hit each web server directly, I can get in as well.
any help or pointers to look at would be appreciated.
Re: Upgrade 1.4.2 from 1.4.1 broke my clustered WebUI token
Posted: Wed Aug 03, 2016 9:13 am
by tylerhoadley
As a temporary fix, I have changed one server to be a backup (failover) server in my list so that traffic only flows through the first one. round-robin is basically disabled until this is corrected.
Re: Upgrade 1.4.2 from 1.4.1 broke my clustered WebUI token
Posted: Wed Aug 03, 2016 9:21 am
by hsmith
This remote was resolved by making sure the session key matched on all instances in /var/www/html/nagioslogserver/application/config/config.local.php. It's kind of a workaround, but if you're using an RRDNS setup it might be necessary. I'll talk to the developer team and see what a better method for XSS protection is.
Re: Upgrade 1.4.2 from 1.4.1 broke my clustered WebUI token
Posted: Wed Aug 03, 2016 9:31 am
by tylerhoadley
Thanks for the info.
I have matched the config directives from server1 to server2 and reloaded server2 httpd service. Then removed the backup flag in my nginx server list. This seems to have resolved my issue.
thanks for the quick response
Code: Select all
$config['encryption_key'] = 'UNIQUE_KEY';
Re: Upgrade 1.4.2 from 1.4.1 broke my clustered WebUI token
Posted: Wed Aug 03, 2016 9:55 am
by rkennedy
Great to hear! Are we good to mark this one as resolved?
Re: Upgrade 1.4.2 from 1.4.1 broke my clustered WebUI token
Posted: Thu Oct 20, 2016 11:57 am
by tylerhoadley
Resolved.