Bug 40806 - UMC-Webserver: bind language to sessionid
UMC-Webserver: bind language to sessionid
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC (Generic)
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1-1-errata
Assigned To: Florian Best
Daniel Tröder
:
Depends on:
Blocks: 40799
  Show dependency treegraph
 
Reported: 2016-03-01 12:37 CET by Florian Best
Modified: 2016-03-18 06:49 CET (History)
0 users

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Best univentionstaff 2016-03-01 12:37:40 CET
Since UCS 4.1 it's possible to authenticate via basic-auth so that there are no sessions. This feature is now used by the self-service. But it lacks the possibility to be bound on a specific language. So if the first request is german and the seconds wants to be english this is not possible (only after the module process ends). The hash for the session-id should contain the language so that this is possible.
Comment 1 Florian Best univentionstaff 2016-03-01 12:51:39 CET
univention-management-console-frontend.yaml:
r67810 | YAML Bug #40806

univention-management-console-frontend (5.0.63-27):
r67809 | Bug #40806: bind language to session id when using HTTP basic authentication
Comment 2 Daniel Tröder univentionstaff 2016-03-07 09:27:37 CET
OK: advisory
OK: automated tests. Currently only univention-self-service uses the feature: ucs-test -E dangerous -s self-service
OK: manual tests:
* One UMC module process per language was created.
* Trying to DOS the machine with lots of language codes didn't work, because a max. 35 UMC module processes was created.
Comment 3 Florian Best univentionstaff 2016-03-18 06:49:48 CET
<http://errata.software-univention.de/ucs/4.1/132.html>