[
https://issues.apache.org/jira/browse/GUACAMOLE-1871?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17778766#comment-17778766
]
phreakocious commented on GUACAMOLE-1871:
-----------------------------------------
The way it's currently written when accepting a username could be considered to
be "ad-hoc session" where information about all connections a user can use must
be provided in the original request. When there is more than one, they get the
guac UI to pick from them, as it is today.
A possibility is treating each request that specifies only one connection as an
"ad-hoc connection" where each has a distinct session. In that scenario, they
could have different usernames, different expirations, etc. This approach
would still give us logs that have the username and connection name together.
> Multiple connections from the same browser not possible with JSON
> authentication
> --------------------------------------------------------------------------------
>
> Key: GUACAMOLE-1871
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1871
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-json
> Affects Versions: 1.4.0, 1.5.2
> Reporter: phreakocious
> Priority: Minor
>
> When only JSON authentication is in use, it is not possible to have multiple
> connections open from the same browser.
> * a connection has been established already using {{?data=connection1_json}}
> * a subsequent request for {{?data=connection2_json}} is submitted
> * the json is not decrypted or validated
> * the user is redirected to {{{}/client/...?data=connection2_json{}}}, but
> the json is ignored and a second connection is made to {{connection1}}
> It appears that the original session is cached in some way. Adding something
> to the JSON body or a URL parameter to control this unintuitive behavior
> would be very helpful.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
