Bug 40806

Summary: UMC-Webserver: bind language to sessionid
Product: UCS Reporter: Florian Best <best>
Component: UMC (Generic)Assignee: Florian Best <best>
Status: CLOSED FIXED QA Contact: Daniel Tröder <troeder>
Severity: normal    
Priority: P5    
Version: UCS 4.1   
Target Milestone: UCS 4.1-1-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:
Bug Depends on:    
Bug Blocks: 40799    

Description Florian Best univentionstaff 2016-03-01 12:37:40 CET 
Since UCS 4.1 it's possible to authenticate via basic-auth so that there are no sessions. This feature is now used by the self-service. But it lacks the possibility to be bound on a specific language. So if the first request is german and the seconds wants to be english this is not possible (only after the module process ends). The hash for the session-id should contain the language so that this is possible.
Comment 1 Florian Best univentionstaff 2016-03-01 12:51:39 CET 
univention-management-console-frontend.yaml:
r67810 | YAML Bug #40806

univention-management-console-frontend (5.0.63-27):
r67809 | Bug #40806: bind language to session id when using HTTP basic authentication
Comment 2 Daniel Tröder univentionstaff 2016-03-07 09:27:37 CET 
OK: advisory
OK: automated tests. Currently only univention-self-service uses the feature: ucs-test -E dangerous -s self-service
OK: manual tests:
* One UMC module process per language was created.
* Trying to DOS the machine with lots of language codes didn't work, because a max. 35 UMC module processes was created.
Comment 3 Florian Best univentionstaff 2016-03-18 06:49:48 CET 
<http://errata.software-univention.de/ucs/4.1/132.html>