[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: M/Monit with HTTP basic auth

From: Philippe Wooding
Subject: Re: M/Monit with HTTP basic auth
Date: Mon, 12 Oct 2015 23:36:39 +0200

Thanks for your response.
If indeed, it is by design and things are unlikely to change, then the M/Monit documentation ( should probably be updated to state that the web site can’t use anything else than form based authentication.
It would have avoided my spending time trying to understand why it wasn’t working :-)
Do you know why only the status page breaks when using basic auth?
What information does the session hold?


On 12 Oct 2015, at 23:05, Jan-Henrik Haukeland <address@hidden> wrote:

You pretty much explained this yourself. It is correct what you found, when Basic Auth is used, no session is created. The M/Monit app, as it is, depends on a session being created and therefor only supports login via form based auth. The exception is the /collector page which actually uses Basic Auth. This is to lower resource usage - if you have thousands of Monit agents reporting in to M/Monit, creating a session for each of these connections with no logout can be expensive. The bottom line is that this is by design and unlikely to change.

Ps. The reason you where able to start with form based auth and then switch to basic auth is because M/Monit sessions are persistent over a restart so you are still logged into M/Monit via your browser’s zsessionid cookie.

On 12 Oct 2015, at 21:44, Philippe Wooding <address@hidden> wrote:

Hi all,

I’ve started using M/Monit (3.5.1-linux-x64) and would like to use HTTP basic auth instead of the default login form.
However, HTTP auth seems to be broken.
When I log in, I get the index page ok, but when I switch to the ‘status’ tab, I get a ‘Page not found’ error popup.
With the standard form based auth, everything works ok.
I traced the basic auth error down to the lack of the ‘zsessionid’ cookie.
It never gets created with basic auth and seems to be required by the following query:

If I start by using form based auth and then switch to basic auth, the cookie is known to the browser and everything
is fine until I restart my browser.

Is anyone else out there using HTTP auth or does my description ring a bell?


P Wooding

To unsubscribe:

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

reply via email to

[Prev in Thread] Current Thread [Next in Thread]