Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Who Me Too'd this topic

XML API call creates persistent Web session

L0 Member

In the CLI, "show admins" will report my current CLI session.

If I also log into the Web interface, "show admins" will now show a Web session in addition to the CLI session.

After I click "logout" on the Web interface, "show admins" reveals that my Web session is now gone.

 

However, if I run a python script using the XML API from a remote server to retrieve the ARP table entries, and then run

"show admins", I now see a new Web session for the Admin used in the script.

Both the response and the request headers show that the connection is closed and "ss -t -a" shows no open TCP port from the client to the firewall.

Yet the Web session persists.

I tried issuing a follow-up xml api command, ?type=op&cmd=<exit></exit>, but that returns error code 17.

The "debug cli on" feature fails to reveal anything about the "logout" button on the Web interface.

Why does a Web session persist after using the XML API and is there a proper way to close it?

 

 

Who Me Too'd this topic