[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: M/Monit with HTTP basic auth
From: |
Jan-Henrik Haukeland |
Subject: |
Re: M/Monit with HTTP basic auth |
Date: |
Mon, 12 Oct 2015 23:05:45 +0200 |
You pretty much explained this yourself. It is correct what you found, when
Basic Auth is used, no session is created. The M/Monit app, as it is, depends
on a session being created and therefor only supports login via form based
auth. The exception is the /collector page which actually uses Basic Auth. This
is to lower resource usage - if you have thousands of Monit agents reporting in
to M/Monit, creating a session for each of these connections with no logout can
be expensive. The bottom line is that this is by design and unlikely to change.
Ps. The reason you where able to start with form based auth and then switch to
basic auth is because M/Monit sessions are persistent over a restart so you are
still logged into M/Monit via your browser’s zsessionid cookie.
> On 12 Oct 2015, at 21:44, Philippe Wooding <address@hidden> wrote:
>
> Hi all,
>
> I’ve started using M/Monit (3.5.1-linux-x64) and would like to use HTTP basic
> auth instead of the default login form.
> However, HTTP auth seems to be broken.
> When I log in, I get the index page ok, but when I switch to the ‘status’
> tab, I get a ‘Page not found’ error popup.
> With the standard form based auth, everything works ok.
> I traced the basic auth error down to the lack of the ‘zsessionid’ cookie.
> It never gets created with basic auth and seems to be required by the
> following query:
> http://127.0.0.1:8080/session/get?key=sHostGroup&key=sLed&key=sHostName
>
> If I start by using form based auth and then switch to basic auth, the cookie
> is known to the browser and everything
> is fine until I restart my browser.
>
> Is anyone else out there using HTTP auth or does my description ring a bell?
>
> Cheers,
>
> P Wooding