Copy link to issue

Web-ui logs out while opening REST in chrome browser

Description

When opening web-ui and opening REST in another tab in chrome browser the web-ui logs out.

Activity

Show:

Barak Merimovich

April 24, 2013, 8:44 PM

Copy link to comment

Browser->webUI – no Session ID
WebUI-> Browser - set Session ID ‘A’

Browser->Rest – Session ID ‘A’ (THIS IS THE PROBLEM)
Rest->Browser – Session ‘A’ not found, set session ID ‘B’

Browser->web UI – Session ID ‘B’
WebUI->Browser – Session ‘B’ not found, set session ID ‘C’ (and logs out)

Barak Merimovich

April 24, 2013, 8:53 PM

Copy link to comment

According to https://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies
“Scope: by default, cookie scope is limited to all URLs on the current host name - and not bound to port or protocol information. Scope may be limited with path= parameter to specify a specific path prefix to which the cookie should be sent, or broadened to a group of DNS names, rather than single host only, with domain=”

Assignee

Unassigned

Reporter

Boris Genzel

Labels

REST

web-ui

Priority

Medium

Configure

CloudifyAllSprints