Project

General

Profile

Bug #26957

Foreman sends session instead request as X-Request-Id

Added by Lukas Zapletal 5 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Normal
Category:
Logging
Target version:
-
Difficulty:
Triaged:
Yes
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

We send the data to correlate logs but instead request we send session id. This is confusing, I am going to actually send both.

Edit: Also, second part of the problem is that we send session id, which could be vulnerable to session hijacking. We must only send logging_token which is a randomly generated token stored in the session. -- this is actually not true, session mdc field is not vulnerable.


Related issues

Related to Smart Proxy - Bug #26962: Send also session id to structured logsClosed

Associated revisions

Revision 48af620c (diff)
Added by Lukas Zapletal 5 months ago

Fixes #26957 - send request id instead session to proxy

History

#1 Updated by Lukas Zapletal 5 months ago

  • Description updated (diff)

#2 Updated by The Foreman Bot 5 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/6827 added

#3 Updated by Lukas Zapletal 5 months ago

  • Related to Bug #26962: Send also session id to structured logs added

#4 Updated by Tomer Brisker 5 months ago

  • Fixed in Releases 1.22.1, 1.23.0 added

#5 Updated by Lukas Zapletal 5 months ago

  • Status changed from Ready For Testing to Closed

Also available in: Atom PDF