You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In some case, external client that call opencti (taxii client ...) are not able to manage an http session.
This situation leads to a session explosion in opencti depending on the session maximum time.
As these clients are able to add some extra header, the concept is to prevent session creation if this header is available
This issue will also refactor part of code to use user loading from cache in auth and basic finding
opencti-no-session = ?1
opencti-no-session is a boolean and so ?0 or ?1 to be compliant with http specification
This header is not recommanded if the client is able to support session management.
The text was updated successfully, but these errors were encountered:
richard-julien
changed the title
Add http header to allow http query to be executed without session creation
Add http header to allow query to be executed without session creation
Apr 24, 2024
Use case
In some case, external client that call opencti (taxii client ...) are not able to manage an http session.
This situation leads to a session explosion in opencti depending on the session maximum time.
As these clients are able to add some extra header, the concept is to prevent session creation if this header is available
This issue will also refactor part of code to use user loading from cache in auth and basic finding
opencti-no-session = ?1
opencti-no-session is a boolean and so ?0 or ?1 to be compliant with http specification
This header is not recommanded if the client is able to support session management.
The text was updated successfully, but these errors were encountered: