Bug 876641
| Summary: | set jsessionid cookie only if user logs in using credentials AND "prefer: persistent-auth" header is set | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | David Jaša <djasa> |
| Component: | ovirt-engine-restapi | Assignee: | Michael Pasternak <mpastern> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Elena <edolinin> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 3.1.0 | CC: | bazulay, dyasny, ecohen, iheim, mpastern, Rhev-m-bugs, sgrinber, srevivo, ykaul |
| Target Milestone: | --- | | |
| Target Release: | 3.2.0 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | infra | | |
| Fixed In Version: | SF3 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 915537 | | |
Description
David Jaša
2012-11-14 16:24:23 UTC
Verified in sf5

The cookie is also set when authentication fails. If you believe it is separate bug, report it.

```
$ curl --cacert .certs/rhevm32.pem -D - -u INVALID_name@domain:password -H "filter: true" -H "Content-type: application/xml" -H "prefer: persistent-auth" https://exammple.com/api/vms -X GET
HTTP/1.1 401 Unauthorized
Date: Sat, 16 Mar 2013 13:54:39 GMT
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 01:00:00 CET
Set-Cookie: JSESSIONID=dIX0GaHHPBBYm6X9Uxm7ajee; Path=/api; Secure
HERE ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WWW-Authenticate: Basic realm="ENGINE"
Content-Type: text/html;charset=utf-8
Content-Length: 978
Connection: close

<html><head><title>JBoss Web/7.0.17..Final-redhat-1 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 401 - </h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>This request requires HTTP authentication ().</u></p><HR size="1" noshade="noshade"><h3>JBoss Web/7.0.17..Final-redhat-1</h3></body></html>
```

(In reply to comment #7)
> The cookie is also set when authentication fails. If you believe it is
> separate bug, report it.
>
>

David,
This is a different issue indeed, please verify this BZ against the Description.

I actually specified it in summary (... only if user logs in and ...) but here you go: bug 927140

3.2 has been released
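The rule in the summary can be checked mechanically against a captured response. The following is an added example, not code from the bug report or from ovirt-engine: the function names are hypothetical, the sample is the response head quoted in the thread with the body omitted, and treating status 401 as "authentication failed" is an assumption.

```python
# Constructed sample: the response head quoted in the thread, body omitted.
SAMPLE_401 = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Set-Cookie: JSESSIONID=dIX0GaHHPBBYm6X9Uxm7ajee; Path=/api; Secure\r\n"
    'WWW-Authenticate: Basic realm="ENGINE"\r\n'
    "Connection: close\r\n\r\n"
)

def parse_head(raw):
    """Return (status, [(lowercased header name, value), ...]) for a raw response."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return status, headers

def session_cookies(headers, cookie_name="JSESSIONID"):
    """Values of every Set-Cookie header that sets cookie_name."""
    values = []
    for name, value in headers:
        key, _, val = value.split(";", 1)[0].partition("=")
        if name == "set-cookie" and key.strip() == cookie_name:
            values.append(val.strip())
    return values

def wants_persistent_auth(request_headers):
    """True if a Prefer request header lists persistent-auth (names case-insensitive)."""
    for name, value in request_headers.items():
        prefs = [p.split(";")[0].strip().lower() for p in value.split(",")]
        if name.lower() == "prefer" and "persistent-auth" in prefs:
            return True
    return False

def audit(request_headers, raw_response):
    """List violations of the rule in the bug summary; empty list means compliant."""
    status, headers = parse_head(raw_response)
    if not session_cookies(headers):
        return []
    problems = []
    if status == 401:  # assumption: 401 is how a failed login is reported
        problems.append("session cookie set although authentication failed")
    if not wants_persistent_auth(request_headers):
        problems.append("session cookie set without Prefer: persistent-auth")
    return problems
```

Calling `audit({"prefer": "persistent-auth"}, SAMPLE_401)` reports the failed-authentication case described in the thread; a response that carries no JSESSIONID cookie always passes.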