Hi! I have a site where I run several utilities such as Smokeping, Nagios, Cacti, Vault, etc, on Apache 2.4, and these sites are "protected" by Apache's mod_session module. If a user tries to access any of the mentioned utilities on our server, they get a login prompt, which saves a session cookie (i.e. mod_session) site-wide granting access to any of these restricted tools.
Once a user is authenticated, he's authenticated for everything. In the case of Smokeping, when a user accesses ourserver.tld/smokeping, they are prompted for their login credentials, and then the smokeping page is displayed properly. From there, if they decide to go anywhere else (such as ourserver.tld/nagios for example) they won't be prompted for credentials until their cookie expires. However, if a user stays on smokeking and clicks any of the links within smokeping, such as to view the stats of various hosts, each time they click a link, they get prompted to re-authenticate again and again each time they browse within the smokeping Targets menu. I am wondering if within the Smokeping code, it might be sending a header directive to not read cookies, or perhaps itself using cookies which might be interfering with mod_session? -- Peter
_______________________________________________ smokeping-users mailing list [email protected] https://lists.oetiker.ch/cgi-bin/listinfo/smokeping-users
