Changing session cookie name and added a way for clients to know what the name is #11413 (#11679)

* Changing session cookie name and added a way for clients to know what the key name is * Adding session information to docs * Fixing how awxkit gets the session id header
2026-02-18 19:50:05 -03:30 · 2022-02-27 07:27:25 -05:00
parent 895c05a84a
commit cb57752903
7 changed files with 39 additions and 17 deletions
--- a/awxkit/awxkit/api/client.py
+++ b/awxkit/awxkit/api/client.py
@@ -33,6 +33,10 @@ class Connection(object):
    def __init__(self, server, verify=False):
        self.server = server
        self.verify = verify
+        # Note: We use the old sessionid here incase someone is trying to connect to an older AWX version
+        # There is a check below so that if AWX returns an X-API-Session-Cookie-Name we will grab it and
+        # connect with the new session cookie name.
+        self.session_cookie_name = 'sessionid'

        if not self.verify:
            requests.packages.urllib3.disable_warnings()
@@ -49,8 +53,13 @@ class Connection(object):
            _next = kwargs.get('next')
            if _next:
                headers = self.session.headers.copy()
-                self.post('/api/login/', headers=headers, data=dict(username=username, password=password, next=_next))
-                self.session_id = self.session.cookies.get('sessionid')
+                response = self.post('/api/login/', headers=headers, data=dict(username=username, password=password, next=_next))
+                # The login causes a redirect so we need to search the history of the request to find the header
+                for historical_response in response.history:
+                    if 'X-API-Session-Cookie-Name' in historical_response.headers:
+                        self.session_cookie_name = historical_response.headers.get('X-API-Session-Cookie-Name')
+
+                self.session_id = self.session.cookies.get(self.session_cookie_name, None)
                self.uses_session_cookie = True
            else:
                self.session.auth = (username, password)
@@ -61,7 +70,7 @@ class Connection(object):

    def logout(self):
        if self.uses_session_cookie:
-            self.session.cookies.pop('sessionid', None)
+            self.session.cookies.pop(self.session_cookie_name, None)
        else:
            self.session.auth = None

--- a/awxkit/awxkit/awx/utils.py
+++ b/awxkit/awxkit/awx/utils.py
@@ -95,12 +95,12 @@ def as_user(v, username, password=None):
            # requests doesn't provide interface for retrieving
            # domain segregated cookies other than iterating.
            for cookie in connection.session.cookies:
-                if cookie.name == 'sessionid':
+                if cookie.name == connection.session_cookie_name:
                    session_id = cookie.value
                    domain = cookie.domain
                    break
            if session_id:
-                del connection.session.cookies['sessionid']
+                del connection.session.cookies[connection.session_cookie_name]
            if access_token:
                kwargs = dict(token=access_token)
            else:
@@ -114,9 +114,9 @@ def as_user(v, username, password=None):
        if config.use_sessions:
            if access_token:
                connection.session.auth = None
-            del connection.session.cookies['sessionid']
+            del connection.session.cookies[connection.session_cookie_name]
            if session_id:
-                connection.session.cookies.set('sessionid', session_id, domain=domain)
+                connection.session.cookies.set(connection.session_cookie_name, session_id, domain=domain)
        else:
            connection.session.auth = previous_auth

--- a/awxkit/awxkit/ws.py
+++ b/awxkit/awxkit/ws.py
@@ -51,7 +51,9 @@ class WSClient(object):

    # Subscription group types

-    def __init__(self, token=None, hostname='', port=443, secure=True, session_id=None, csrftoken=None, add_received_time=False):
+    def __init__(
+        self, token=None, hostname='', port=443, secure=True, session_id=None, csrftoken=None, add_received_time=False, session_cookie_name='awx_sessionid'
+    ):
        # delay this import, because this is an optional dependency
        import websocket

@@ -78,7 +80,7 @@ class WSClient(object):
        if self.token is not None:
            auth_cookie = 'token="{0.token}";'.format(self)
        elif self.session_id is not None:
-            auth_cookie = 'sessionid="{0.session_id}"'.format(self)
+            auth_cookie = '{1}="{0.session_id}"'.format(self, session_cookie_name)
            if self.csrftoken:
                auth_cookie += ';csrftoken={0.csrftoken}'.format(self)
        else: