On Thu, Mar 22, 2018 at 8:56 AM, ggagnon <[email protected]> wrote: > Actually, as I keep investigating, it seems the issue is in good parts > "caused" by the GUAC_AUTH cookie. If I delete that cookie between > invocations, all URL calls seem to be really authenticated. >
Haha, replied just as this one came in. Yes, GUAC_AUTH, not GUAC_TOKEN. > Now to find a way to work around that cookie use/creation (or invalidate > it). > The cause, I believe, is that in order to get the terminal session started > immediately, I have to create an on-the-fly user authorization with only > one > connection allowed (to be different for each invocation). Looks like > that's a border case for Guacamole. If there are multiple connections, > then there is a home page to pick from (which we precisely want to avoid to > obtain true in-context launch) so authentication caching through the cookie > is OK. > I'm not sure if this is the best way to do, Mike might have some suggestions, but part of your extension can include HTML/JS code, so maybe you could write code as part of your extension that clears that cookie out. > I also see signs that some information is kept by the server for these > sessions so I now also worry about the accumulation of them (memory) over > time. > > What kind of information are you talking about? -Nick
