Open falsebyte opened 6 years ago
We experienced the same issue, and took some time to debug.
We are using the packages supplied by zabbix itself using the debian repo:
deb http://repo.zabbix.com/zabbix/3.0/debian jessie main
The issue started when we upgraded the zabbix-frontend-php package from 3.0.13-4+jessie to 3.0.14-1+jessie.
After some debugging with the developer tools from my browser, and adding some "console.log" lines to grapher.js, I noticed that the zbx_sessionid was not accessible to the JavaScript.
I examined the changes between the old and new versions of the zabbix-frontend package, and noticed the following change:
diff -r --color old/include/func.inc.php new/include/func.inc.php
104c104
< setcookie($name, $value, isset($time) ? $time : 0, null, null, HTTPS);
---
> setcookie($name, $value, isset($time) ? $time : 0, null, null, HTTPS, true);
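Review bot: The literal true passed as the seventh setcookie() argument on line 104 marks every cookie written through this call as HttpOnly, not just the session cookie, so frontend code that reads a cookie from document.cookie can no longer see it, which is what this report describes for zbx_sessionid. Consider exposing the flag as a parameter that defaults to true, so the session cookie stays HttpOnly while any cookie that client code is meant to read can opt out explicitly, and document that default next to the call. Path and domain are still passed as null; if that is intentional, a short comment saying so would help.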
When I reverted the change Grapher started working again. The last option of setcookie is defined as follows:
httponly: When TRUE the cookie will be made accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript. It has been suggested that this setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers), but that claim is often disputed. Added in PHP 5.2.0. TRUE or FALSE
source: http://php.net/manual/en/function.setcookie.php
I don't really see a permanent solution to this problem, other than the local change I suggested.
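The effect of the httponly argument described in the report above, seen from the browser side, as an added example that is not part of the original thread or of the Zabbix or Grapher code. The header lines, the session value and the `tab` cookie are constructed samples, and the model ignores path, domain and scheme matching.

```javascript
// Added example: model which cookies a page script can read via document.cookie.
// The Set-Cookie lines at the bottom are constructed samples, not captured traffic.

// Parse one Set-Cookie header value into name, value and the two flags of interest.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim());
  const eq = parts[0].indexOf('=');
  if (eq < 1) return null; // no cookie name: skip the header
  // Attribute names are case-insensitive ("HttpOnly", "httponly", ...).
  const attrs = parts.slice(1).map((p) => p.split('=')[0].trim().toLowerCase());
  return {
    name: parts[0].slice(0, eq),
    value: parts[0].slice(eq + 1),
    httpOnly: attrs.includes('httponly'),
    secure: attrs.includes('secure'),
  };
}

// Build the string a script would get from document.cookie. HttpOnly cookies
// are still stored and sent with requests, but they are left out of this string.
function scriptVisibleCookies(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => c && !c.httpOnly)
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Look up one cookie the way client-side code typically does.
function readCookie(documentCookie, name) {
  for (const pair of documentCookie.split('; ')) {
    const eq = pair.indexOf('=');
    if (eq > 0 && pair.slice(0, eq) === name) return pair.slice(eq + 1);
  }
  return null;
}

// Constructed headers: the session cookie without and with the httponly argument.
// "tab" is a hypothetical non-session cookie added for contrast.
const before = ['zbx_sessionid=0123abcd; secure', 'tab=graphs'];
const after = ['zbx_sessionid=0123abcd; secure; HttpOnly', 'tab=graphs'];

console.log('before:', readCookie(scriptVisibleCookies(before), 'zbx_sessionid'));
console.log('after: ', readCookie(scriptVisibleCookies(after), 'zbx_sessionid'));
```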
Hello. Thanks for the help. It works.
It works, but I think it's a better solution to generate the js-file dynamically with PHP.
This is at the moment my solution: https://github.com/flooopro/zabbixGrapher
Please discuss if you think it's a security issue or if someone knows a better solution. Because in this solution you don't disable httponly and don't have to do more local changes.
Hi, I've added Grapher to Zabbix 3.4 and it isn't working.
Does it work for anyone in 3.4?