Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why does SplunkWeb controller intermittently throw exception "AuthenticationFailed"?

LukeMurphey
Champion
‎02-19-2015 11:34 AM

I have a SplunkWeb controller that intermittently throws the following exception:

AuthenticationFailed: [HTTP 401] Client is not authenticated

Its odd because the controller works about 80% of the time.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

LukeMurphey
Champion
‎02-19-2015 11:40 AM

If the controller caches the session then it is possible that it will keep the key around longer than its lifetime. This is because controllers stay running in SplunkWeb and thus a key can easily be kept around longer than its lifetime.

You should always get a new key by calling cherrypy.session.get('sessionKey'). Don't store the key or keep it around.

For example, I have seen this happen when someone cached the key in the constructor:

class SomeController(controllers.BaseController):

    def __init__(self):
        self.sessionKey = cherrypy.session.get('sessionKey')
        super(SomeController, self).__init__()

    @expose_page(must_login=True, methods=['POST']) 
    def update(self, **kwargs):
        doUpdate(self.sessionKey) # Using cached key. Oh no!

Instead, the session should be obtained just before use:

class SomeController(controllers.BaseController):

    def __init__(self):
        super(SomeController, self).__init__()

    @expose_page(must_login=True, methods=['POST']) 
    def update(self, **kwargs):
        doUpdate(cherrypy.session.get('sessionKey')) # Using a fresh key!

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

LukeMurphey
Champion
‎02-19-2015 11:40 AM

If the controller caches the session then it is possible that it will keep the key around longer than its lifetime. This is because controllers stay running in SplunkWeb and thus a key can easily be kept around longer than its lifetime.

You should always get a new key by calling cherrypy.session.get('sessionKey'). Don't store the key or keep it around.

For example, I have seen this happen when someone cached the key in the constructor:

class SomeController(controllers.BaseController):

    def __init__(self):
        self.sessionKey = cherrypy.session.get('sessionKey')
        super(SomeController, self).__init__()

    @expose_page(must_login=True, methods=['POST']) 
    def update(self, **kwargs):
        doUpdate(self.sessionKey) # Using cached key. Oh no!

Instead, the session should be obtained just before use:

class SomeController(controllers.BaseController):

    def __init__(self):
        super(SomeController, self).__init__()

    @expose_page(must_login=True, methods=['POST']) 
    def update(self, **kwargs):
        doUpdate(cherrypy.session.get('sessionKey')) # Using a fresh key!
0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...