Jump to content

Auto Login


MemoryX2

Recommended Posts

Doesn't matter if you're not currently logged in. If you attempted to log in via basic authentication (like the link from Blesta) but did not first log out of any account you were currently logged into cPanel will not allow you to log in but instead redirect you to the log in page. This is a limitation of cPanel, but probably has something to do with the fact that basic authentication sessions simply don't expire.

 

Instead, try opening a separate browser (if you're using chrome, open firefox instead). Then clear the browser cache. Then paste the login link in your browser.

 

If you click the link and get the login page the redirect is happening correctly, but as I said, cPanel will not allow you to log in via basic authentication if you were previously logged in.

I don't get that, I have two cPanel sessions open and can use them freely  without logging out of one and then logging in one, that should be limited by the same domain aka hostname, which I don't have open or had open.

Link to comment
Share on other sites

I have no problems with this in WHMCS... No matter if I'm logged in to one account 5 or whatever

 

How are they formatting the request? Are they posting the data, or linking to it like us? Can you post either the form fields (mask the user/pass) or the URL if its a link (mask the user/pass).

Link to comment
Share on other sites

How are they formatting the request? Are they posting the data, or linking to it like us? Can you post either the form fields (mask the user/pass) or the URL if its a link (mask the user/pass).

 

 

<form action="https://hostname.pw:2083/login/" method="post" target="_blank">
<input type="hidden" name="token" value="Token here.">
		<input type="hidden" name="user" value="qyaaysku">
		<input type="hidden" name="pass" value="passwordhere">
		<input type="submit" value="Login to cPanel" class="btn">
		<input type="button" value="Login to Webmail" onclick="window.open('https://hostname.pw:2096/')" class="btn">
		</form>

 

like that.

Link to comment
Share on other sites

Ahh. Ok, in WHM under Tweak Settings > Security > Enable HTTP Authentication, is it on or off? If off, try turning it on and see if it then works. With it on, then also test WHM** and see if it still works.

 

The solution may be to switch to post and not use http basic auth, but I want to see if it will break it the other way around.

Link to comment
Share on other sites

Ahh. Ok, in WHM under Tweak Settings > Security > Enable HTTP Authentication, is it on or off? If off, try turning it on and see if it then works. With it on, then also test WHM** and see if it still works.

 

The solution may be to switch to post and not use http basic auth, but I want to see if it will break it the other way around.

Mine is off as default:

 

Enable HTTP Authentication for cPanel/WebMail/WHM Logins. This risks certain types of XSRF attacks that rely on cached HTTP Auth credentials. Disabling forces cookie authentication.

Turning this on fixes Blesta. and it works in WHM** too.

Link to comment
Share on other sites

Ahh. Ok, in WHM under Tweak Settings > Security > Enable HTTP Authentication, is it on or off? If off, try turning it on and see if it then works. With it on, then also test WHM** and see if it still works.

 

The solution may be to switch to post and not use http basic auth, but I want to see if it will break it the other way around.

 

That was it. I changed that on my server and it works perfectly, and just the way I want it to. I can log into a clients cpanel directly from their account just like I wanted.

 

 

I have added this as CORE-597: Change log in link to use post instead of http basic auth

 

Awesome. I think I recently saw this way described in their docs. It does look like it's being phased out.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...