Request Type
Bug
Work Environment
Problem Description
As reported by @3c7 and @jeromeleonard after building the training VM containing TheHive 3.0.7 and Cortex 2.0.1 and running some tests, having both applications sharing the same URL causes a session collision and all sorts of weird behaviors.
The initial debugging conducted by @To-om shows that if both applications have the same secret (play.http.secret.key) and the same user exists in both apps, a logged user on one application will automatically be authenticated on the other.
If they have different secrets or if a user exists in one app but not in the other, a request will invalidate the cookie and remove the session.
Possible Solutions
Choose different cookie names while managing the CSRF token without collisions.
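
The behaviour described in this issue can be reproduced with a toy model of a signed session cookie. This is an added example, not code from TheHive, Cortex or Play; the `App` class, the secrets, the user `alice` and the cookie names `THEHIVE_SESSION` and `CORTEX_SESSION` are constructed for illustration, and it covers the session cookie only, not the CSRF token.

```python
import hashlib
import hmac

class App:
    """Toy app that keeps its session in an HMAC-signed cookie."""

    def __init__(self, secret, users, cookie_name="PLAY_SESSION"):
        self.secret = secret.encode()
        self.users = set(users)
        self.cookie_name = cookie_name

    def _sign(self, user):
        return hmac.new(self.secret, user.encode(), hashlib.sha256).hexdigest()

    def login(self, jar, user):
        jar[self.cookie_name] = f"{self._sign(user)}-{user}"

    def request(self, jar):
        """Return the authenticated user or None; a cookie that fails
        verification is removed from the jar."""
        value = jar.get(self.cookie_name)
        if value is None:
            return None
        sig, _, user = value.partition("-")
        if hmac.compare_digest(sig, self._sign(user)) and user in self.users:
            return user
        del jar[self.cookie_name]
        return None

def scenario(secret_a, secret_b, users_b, name_a="PLAY_SESSION", name_b="PLAY_SESSION"):
    """Log alice in to app A, then send the same cookie jar to B, then to A."""
    jar = {}  # one browser cookie jar for the shared URL (constructed)
    app_a = App(secret_a, {"alice"}, name_a)
    app_b = App(secret_b, users_b, name_b)
    app_a.login(jar, "alice")
    seen_by_b = app_b.request(jar)
    seen_by_a = app_a.request(jar)
    return seen_by_b, seen_by_a

if __name__ == "__main__":
    # Same secret, same user, same cookie name: B accepts A's session.
    print(scenario("s1", "s1", {"alice"}))
    # Different secrets: B rejects and deletes the cookie, so A's session is gone too.
    print(scenario("s1", "s2", {"alice"}))
    # User missing in B: same outcome, the shared cookie is removed.
    print(scenario("s1", "s1", set()))
    # Distinct cookie names: B never sees A's cookie and A stays logged in.
    print(scenario("s1", "s1", {"alice"}, "THEHIVE_SESSION", "CORTEX_SESSION"))
```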