From user-return-5522-archive-asf-public=cust-asf.ponee.io@guacamole.apache.org Mon Mar 4 18:16:06 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id CEAF0180627 for ; Mon, 4 Mar 2019 19:16:05 +0100 (CET) Received: (qmail 92823 invoked by uid 500); 4 Mar 2019 18:15:59 -0000 Mailing-List: contact user-help@guacamole.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@guacamole.apache.org Delivered-To: mailing list user@guacamole.apache.org Received: (qmail 92814 invoked by uid 99); 4 Mar 2019 18:15:59 -0000 Received: from mail-relay.apache.org (HELO mailrelay2-lw-us.apache.org) (207.244.88.137) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 04 Mar 2019 18:15:59 +0000 Received: from mail-ed1-f41.google.com (mail-ed1-f41.google.com [209.85.208.41]) by mailrelay2-lw-us.apache.org (ASF Mail Server at mailrelay2-lw-us.apache.org) with ESMTPSA id DC3ED34AD for ; Mon, 4 Mar 2019 18:15:58 +0000 (UTC) Received: by mail-ed1-f41.google.com with SMTP id 10so5021971eds.7 for ; Mon, 04 Mar 2019 10:15:58 -0800 (PST) X-Gm-Message-State: APjAAAUjxOj+O6eyouPCvMFzRjw5hsx8fPfn2O5SpF61unecrX9cv3yt cCa/16Ex25jvsDjw1GAgF8+EaX0Ke607B9Q5MPM= X-Google-Smtp-Source: APXvYqw9KvJZdu+VSi0zsMvoAGjrZhd+hECR/R8Y0OGY3BAtFebz8Aflw7Zkvgc6NTumgyg1HbEm423UYJfUZeWBDVU= X-Received: by 2002:aa7:dac5:: with SMTP id x5mr16300180eds.56.1551723357955; Mon, 04 Mar 2019 10:15:57 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Nick Couchman Date: Mon, 4 Mar 2019 13:15:46 -0500 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: 1.0.0 LocalStorage auth instead of cookies To: user@guacamole.apache.org Content-Type: multipart/alternative; boundary="0000000000008a6e88058348bff4" --0000000000008a6e88058348bff4 Content-Type: text/plain; charset="UTF-8" On Sun, Mar 3, 2019 at 12:40 AM Lev Dubinets wrote: > Hi, > > Prior to 1.0.0 I had a reverse proxy in front of Guacamole that modified > the GUAC_AUTH cookie paths so that I could have two browser windows open > with two different Guacamole sessions (one at domain .com/username1 and > other at domain .com/username2). > > With 1.0.0 and the LocalStorage changes theres no way to "path" the > entries at all. What are some recommended solutions for this? Is it > possible to write some kind of auth plugin to use cookies instead of > localstorage? > I don't think this would work, no - you could write an authentication extension that would authenticate with cookies, yes, but I don't think this would solve the issue you're seeing, because, once logged in, Guacamole would still issue a token based on the LocalStorage method of storing data within the browser, which would likely circumvent your cookie-based authentication. What is it that you're trying to accomplish, in the end? Why do you need/want two different sessions under two different accounts? On the rare occasions that I require this, I usually end up using Chrome's Incognito mode for the second session, but I wouldn't consider my usage routine, so I can understand that there might be situations that don't lend themselves quite as easily to that. -Nick > --0000000000008a6e88058348bff4 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Sun, Mar 3, 2019 at 12:40 AM Lev Dubin= ets <levdubinets@live.com>= ; wrote:
Hi,

Prior to 1.0.0 I had a reverse proxy in front of Guacamole that modified th= e GUAC_AUTH cookie paths so that I could have two browser windows open with= two different Guacamole sessions (one at domain .com/username1 and other a= t domain .com/username2).

With 1.0.0 and the LocalStorage changes theres no way to "path" t= he entries at all. What are some recommended solutions for this? Is it poss= ible to write some kind of auth plugin to use cookies instead of localstora= ge?

I don't think this woul= d work, no - you could write an authentication extension that would authent= icate with cookies, yes, but I don't think this would solve the issue y= ou're seeing, because, once logged in, Guacamole would still issue a to= ken based on the LocalStorage method of storing data within the browser, wh= ich would likely circumvent your cookie-based authentication.
What is it that you're trying to accomplish, in the end?=C2= =A0 Why do you need/want two different sessions under two different account= s?=C2=A0 On the rare occasions that I require this, I usually end up using = Chrome's Incognito mode for the second session, but I wouldn't cons= ider my usage routine, so I can understand that there might be situations t= hat don't lend themselves quite as easily to that.

=
-Nick
--0000000000008a6e88058348bff4--