Werk #16222: Automationuser login must not open full session
Component | Setup | ||||
Title | Automationuser login must not open full session | ||||
Date | Nov 19, 2023 | ||||
Level | Trivial Change | ||||
Class | Bug Fix | ||||
Compatibility | Incompatible - Manual interaction might be required | ||||
Checkmk versions & editions |
|
Checkmk offers a method to authenticate single web requests with URL parameters (_username and _secret).
Due to some refactoring of the session handling with Checkmk 2.2 such automation requests initiated a full session.
The login for automation users was still blocked in the login screen but an authenticated request initiated a full session that could than be used to browse the Checkmk GUI like a regular user.
With this Werk that is no longer the case.
If you use this authentication method you should check if you rely on sessions for your automation users.