My issue (and need for Cookie-based auth or an alternative) is very similar. Lev noted this in my own thread and pointed here.
In my case, we determined that our users only needed the servers for a few hours and different times of the week or month so we generally have the virtual machines off. We also determined that Guacamole probably not the best system to control spinning up or down these virtual machines -- designing the extensions would have been difficult, and prone to issues as guacamole matured. So we designed a wrapper that is responsible for ensuring the servers are available when the users need them; The users start the system outside guacamole, and get a button that opens a new tab with a one-time-use cookie that drops them directly into the specified server on demand. To reduce any confusion, we strip away most of the guacamole client features like user management, and let guacamole handle the RDP/SSH sessions through 'just-in-time' configurations provided by our authentication extension, which can also pass in configuration options. Guacamole effectively persists nothing outside sessions. The clearing of cookies in the past caused no issues on existing sessions, so a user could have 4 tabs with different RDP/SSH sessions at the same time (or, in some cases, sessions to the same server that was configured to give new SSH/RDP sessions for each connection). We found this very valuable -- such as teachers looking at or troubleshooting multiple student sessions at the same time. It's also helpful when working on an exercise that has two computers talking to each other. With out testing and approach, these sessions could go on nearly indefinitely, even if their cookies were destroyed. Survival through a tab refresh is not a requirement for us. Incognito mode is a good work-around for technical people, but not a great workaround for elementary and middle school students (or teachers) who are using the guacamole service in their "Introduction to computers" class. Does this give a possible use case for cookie-based authentication? My team's plan is to destroy the local storage data as well as the cookies and see if that allows us to move forward. Hopefully it allows sessions to persist like it has in the past. -Lee Virginia Tech / Virginia Cyber Range -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
