python-jenkins-developers team mailing list archive

Thread
Date

[Bug 1837415] Re: Retain session id for subsequent requests

To: python-jenkins-developers@xxxxxxxxxxxxxxxxxxx
From: Pascal Hofmann <1837415@xxxxxxxxxxxxxxxxxx>
Date: Mon, 22 Jul 2019 20:28:29 -0000
Reply-to: Bug 1837415 <1837415@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Please ignore comment #1. I thought the bug was related to changed
crumb/session behavior, when in reality it was only related to
disable_node/enable_node invalidating the crumb.

** Description changed:

- Starting with Jenkins version 2.176.2 CSRF tokens will now also check
- the web session ID to confirm they were created in the same session.
- This fix impacts python-jenkins because it obtains a crumb from the
- crumb issuer API. python-jenkins needs to be updated to retain the
- session ID for subsequent requests. For further information, see
- https://jenkins.io/doc/upgrade-guide/2.176/#SECURITY-626
+ The crumb gets invalid after a call to disable_node / enabled_node. The
+ new crumb from the response should be taken or the crumb should be unset
+ so a new crumb is obtained for all following requests.

-- 
You received this bug notification because you are a member of Python
Jenkins Developers, which is subscribed to Python Jenkins.
https://bugs.launchpad.net/bugs/1837415

Title:
  Retain session id for subsequent requests

Status in Python Jenkins:
  New

Bug description:
  The crumb gets invalid after a call to disable_node / enabled_node.
  The new crumb from the response should be taken or the crumb should be
  unset so a new crumb is obtained for all following requests.

To manage notifications about this bug go to:
https://bugs.launchpad.net/python-jenkins/+bug/1837415/+subscriptions

References

[Bug 1837415] [NEW] Retain session id for subsequent requests
From: Pascal Hofmann, 2019-07-22