HTTP/HTTPS Cookie sharing issue

This board serves as an open discussion and support collaboration point for Nagios XI. NOTE: Nagios XI customers should use the Customer Support forum to obtain expedited support.

HTTP/HTTPS Cookie sharing issue

Postby gzaloprgm » Fri Aug 10, 2018 2:22 pm

Hi
I've found an issue that involves Nagios XI servers that can be accessed over both HTTP and HTTPS. After logging into the HTTPS interface, It basically renders the HTTP interface unusable (you can't log in).

Steps to reproduce:
- Login to a Nagios XI using HTTPS (for instance https://nagiosxi.demos.nagios.com/nagiosxi , ignore the certificate errors)
- Attempt to log in again, but using HTTP (for instance http://nagiosxi.demos.nagios.com/nagiosxi )
Result: "NSP: Sorry Dave, I can't let you do that" when attemping to log in. Even after logging out of the https interface the issue persists.

Workaround: Manually delete the cookie for the respective domain and log in again.
Tested with Chrome Latest (68.0.3440.106), and Firefox latest, doesn't seem to happen with IE.

I'm not sure if it only happens because of the invalid certificate.

Thanks, Gonzalo
gzaloprgm
 
Posts: 2
Joined: Mon Aug 06, 2018 8:46 am

Re: HTTP/HTTPS Cookie sharing issue

Postby npolovenko » Fri Aug 10, 2018 4:21 pm

Hello, @gzaloprgm! I could recreate this behavior and I passed the information over to the QA and dev teams. We will look further into this and file a bug report. Let me know if you have any other questions so far? Thanks!
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
npolovenko
Support Tech
 
Posts: 2101
Joined: Mon May 15, 2017 5:00 pm


Return to Nagios XI

Who is online

Users browsing this forum: No registered users and 10 guests