search

digineo / cambium-exporter

A Prometheus exporter for the Cambium cnMaestro Cloud controller. Does not work for on-premise installations.
MIT License
3 stars 0 forks source link

The session cookie invalidates after 24h #1

Closed dmke closed 3 years ago

dmke commented 3 years ago

As it turns out, the sid cookie, even when created with the "rembember me" checkbox set, must be refreshed every 24 hours.

The Cambium SSO also sets two additional cookies (scoped to their SSO server domain), and my best guess is, that they are used to refresh the sid cookie once every while.

Initial investigation into this issue shows, that we can't simply POST the login credentials to their SSO, because it does some crypto on the login form (and I hesitant to re-implement those shenanigans in Go - purely for maintainability reasons). The best workaround seems to be to use an actual browser (remote controlled, e.g. chromedp) to perform the login every 6-12 hours, and extract the session cookie from it.

dmke commented 3 years ago

Fixed with c74b519c474d769c7dd209e54e17c2e1b8ee2902.