Werk #16222: Automationuser login must not open full session
Component | Setup |
Title | Automationuser login must not open full session |
Date | Nov 19, 2023 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk Version | 2.2.0p16 2.3.0b1 |
Level | Trivial Change |
Class | Bug Fix |
Compatibility | Incompatible - Manual interaction might be required |
Checkmk offers a method to authenticate single web requests with URL parameters (_username and _secret).
Due to some refactoring of the session handling with Checkmk 2.2 such automation requests initiated a full session.
The login for automation users was still blocked in the login screen but an authenticated request initiated a full session that could than be used to browse the Checkmk GUI like a regular user.
With this Werk that is no longer the case.
If you use this authentication method you should check if you rely on sessions for your automation users.