John Dennis wrote:
On 02/26/2012 03:54 PM, John Dennis wrote:
I assume you're running the script I attached. The reason why you keep
getting new sessions is because the script does not send the previous
cookie back, from the server's perspective these all appear to be new
login requests. Sessions are not tracked by user, they are tracked by
session id.

I should have added that if this was being invoked from the browser UI
like it is intended to be the cookie would be retransmitted by the
browser and you wouldn't see this behavior. I think what you're seeing
is an artifact of the clumsy way I cobbled together a test since we
don't have a UI yet. But I will verify this in a little while.

I would have expected to have gotten a brand new session with each request and yet it seems to be associating existing sessions as well.

I'm fine with a new session each time but otherwise this could leak data.


Freeipa-devel mailing list

Reply via email to