You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Use ?sid= to login to a page in LuCI, if you now click on a link, you will no longer be logged in. This is by design.
I have at work made a patch to LuCI that introduces a config option in admin->auth called force_cookie when this is set to true,
LuCI will set the cookie for login allowing subsequent navigation in the menu to be authenticated with the same sid as the initial page visit.
Actual behavior:
as described above.
Expected behavior:
By default, this would not be turned on but enabled if you add "param:sid" as an auth->method, and set auth->force_cookie = true
Additional Information:
I have a patch already available, but I wanted to check if this would be of interest before creating a merge request.
The text was updated successfully, but these errors were encountered:
I also want to be able to set the sysauth_http(s) cookie, but I want it to use the value of a form parameter. (I have a custom sysauth.ut template that uses the POST method.) I'm using the patch below. (I have made some additional changes that I removed, and I haven't tested the code I posted.)
@@ -911,20 +915,32 @@
if (!session && resolved.ctx.auth.login) {
let user = http.getenv('HTTP_AUTH_USER');
let pass = http.getenv('HTTP_AUTH_PASS');
+ let sysauth = http.formvalue('luci_sysauth');
if (user == null && pass == null) {
user = http.formvalue('luci_username');
pass = http.formvalue('luci_password');
}
+ if (sysauth)
+ session = session_retrieve(sysauth);
+ else
if (user != null && pass != null)
session = session_setup(user, pass, resolved.ctx.request_path);
This is a request to merge a new feature.
Steps to reproduce:
Use ?sid= to login to a page in LuCI, if you now click on a link, you will no longer be logged in. This is by design.
I have at work made a patch to LuCI that introduces a config option in admin->auth called force_cookie when this is set to true,
LuCI will set the cookie for login allowing subsequent navigation in the menu to be authenticated with the same sid as the initial page visit.
Actual behavior:
as described above.
Expected behavior:
By default, this would not be turned on but enabled if you add "param:sid" as an auth->method, and set auth->force_cookie = true
Additional Information:
I have a patch already available, but I wanted to check if this would be of interest before creating a merge request.
The text was updated successfully, but these errors were encountered: