back to website

Werk #16222: Automationuser login must not open full session

Component Setup
Title Automationuser login must not open full session
Date Nov 19, 2023
Level Trivial Change
Class Bug Fix
Compatibility Incompatible - Manual interaction might be required
Checkmk versions & editions
2.3.0b1
Not yet released 		Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0p16 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

Checkmk offers a method to authenticate single web requests with URL parameters (_username and _secret).

Due to some refactoring of the session handling with Checkmk 2.2 such automation requests initiated a full session.

The login for automation users was still blocked in the login screen but an authenticated request initiated a full session that could than be used to browse the Checkmk GUI like a regular user.

With this Werk that is no longer the case.

If you use this authentication method you should check if you rely on sessions for your automation users.

To the list of all Werks