Project

General

Profile

Actions
Copy link

Bug #26957

closed

Foreman sends session instead request as X-Request-Id

Added by Lukas Zapletal almost 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Lukas Zapletal
Category:
Logging
Target version:
-
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/6827
Fixed in Releases:
1.22.1, 1.23.0
Found in Releases:
Red Hat JIRA:

Description

We send the data to correlate logs but instead request we send session id. This is confusing, I am going to actually send both.

Edit: Also, second part of the problem is that we send session id, which could be vulnerable to session hijacking. We must only send logging_token which is a randomly generated token stored in the session. -- this is actually not true, session mdc field is not vulnerable.

Related issues 1 (0 open1 closed)

Related to Smart Proxy - Bug #26962: Send also session id to structured logsClosedLukas ZapletalActions
Actions
Copy link

Also available in: Atom PDF