[ https://issues.apache.org/jira/browse/CLOUDSTACK-8977?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14968880#comment-14968880 ]
ASF GitHub Bot commented on CLOUDSTACK-8977: -------------------------------------------- Github user K0zka commented on the pull request: https://github.com/apache/cloudstack/pull/961#issuecomment-150164133 Hi Daan, I have verified the result with curl -v, therefore manual verification. It would be nice to have automatic test to verify that unauthenticated users can not create session in CS whatever they do. One should get a session with login only. > cloudstack UI creates a session for users not yet logged in > ----------------------------------------------------------- > > Key: CLOUDSTACK-8977 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8977 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: UI > Affects Versions: 4.5.2 > Reporter: Laszlo Hornyak > Assignee: Laszlo Hornyak > Fix For: Future > > Original Estimate: 0.1h > Remaining Estimate: 0.1h > > The cloudstack UI always creates a session. By executing a command like 'ab > -n 200000 -c 32' the server can be killed reqlly quick. -- This message was sent by Atlassian JIRA (v6.3.4#6332)