Thanks for your response. If indeed, it is by design and things are unlikely to change, then the M/Monit documentation (https://mmonit.com/documentation/mmonit_manual.pdf <https://mmonit.com/documentation/mmonit_manual.pdf>) should probably be updated to state that the web site can’t use anything else than form based authentication. It would have avoided my spending time trying to understand why it wasn’t working :-) Do you know why only the status page breaks when using basic auth? What information does the session hold?
Cheers > On 12 Oct 2015, at 23:05, Jan-Henrik Haukeland <[email protected]> wrote: > > You pretty much explained this yourself. It is correct what you found, when > Basic Auth is used, no session is created. The M/Monit app, as it is, depends > on a session being created and therefor only supports login via form based > auth. The exception is the /collector page which actually uses Basic Auth. > This is to lower resource usage - if you have thousands of Monit agents > reporting in to M/Monit, creating a session for each of these connections > with no logout can be expensive. The bottom line is that this is by design > and unlikely to change. > > Ps. The reason you where able to start with form based auth and then switch > to basic auth is because M/Monit sessions are persistent over a restart so > you are still logged into M/Monit via your browser’s zsessionid cookie. > > >> On 12 Oct 2015, at 21:44, Philippe Wooding >> <[email protected]> wrote: >> >> Hi all, >> >> I’ve started using M/Monit (3.5.1-linux-x64) and would like to use HTTP >> basic auth instead of the default login form. >> However, HTTP auth seems to be broken. >> When I log in, I get the index page ok, but when I switch to the ‘status’ >> tab, I get a ‘Page not found’ error popup. >> With the standard form based auth, everything works ok. >> I traced the basic auth error down to the lack of the ‘zsessionid’ cookie. >> It never gets created with basic auth and seems to be required by the >> following query: >> http://127.0.0.1:8080/session/get?key=sHostGroup&key=sLed&key=sHostName >> >> If I start by using form based auth and then switch to basic auth, the >> cookie is known to the browser and everything >> is fine until I restart my browser. >> >> Is anyone else out there using HTTP auth or does my description ring a bell? >> >> Cheers, >> >> P Wooding > > > > -- > To unsubscribe: > https://lists.nongnu.org/mailman/listinfo/monit-general
signature.asc
Description: Message signed with OpenPGP using GPGMail
-- To unsubscribe: https://lists.nongnu.org/mailman/listinfo/monit-general
