Commit 63463e0e by Sofia Papagiannaki Committed by GitHub

Docs: Add upgrade note for modification of the cookie path (#25221)

* Add note for modification in the cookie path

* Update docs/sources/installation/upgrading.md

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update docs/sources/installation/configuration.md

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
parent 5d6af607
...@@ -457,11 +457,6 @@ Text used as placeholder text on login page for password input. ...@@ -457,11 +457,6 @@ Text used as placeholder text on login page for password input.
Grafana provides many ways to authenticate users. The docs for authentication has been split in to many different pages Grafana provides many ways to authenticate users. The docs for authentication has been split in to many different pages
below. below.
### oauth_state_cookie_max_age
How long the OAuth state cookie lives before being deleted. Default is `60` (seconds)
Administrators can increase it if they experience OAuth login state mismatch errors.
- [Authentication Overview]({{< relref "../auth/overview.md" >}}) (anonymous access options, hide login and more) - [Authentication Overview]({{< relref "../auth/overview.md" >}}) (anonymous access options, hide login and more)
- [Google OAuth]({{< relref "../auth/google.md" >}}) (auth.google) - [Google OAuth]({{< relref "../auth/google.md" >}}) (auth.google)
- [GitHub OAuth]({{< relref "../auth/github.md" >}}) (auth.github) - [GitHub OAuth]({{< relref "../auth/github.md" >}}) (auth.github)
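Review bot: The context sentence just above the moved block, "The docs for authentication has been split in to many different pages", has a subject-verb mismatch, and "in to" should be "into". This hunk already touches the paragraph by taking `oauth_state_cookie_max_age` out from between "below." and the list it introduces, so the sentence could be fixed in the same change ("The docs for authentication have been split into many different pages below.").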
...@@ -471,6 +466,15 @@ Administrators can increase it if they experience OAuth login state mismatch err ...@@ -471,6 +466,15 @@ Administrators can increase it if they experience OAuth login state mismatch err
- [LDAP Authentication]({{< relref "../auth/ldap.md" >}}) (auth.ldap) - [LDAP Authentication]({{< relref "../auth/ldap.md" >}}) (auth.ldap)
- [Auth Proxy]({{< relref "../auth/auth-proxy.md" >}}) (auth.proxy) - [Auth Proxy]({{< relref "../auth/auth-proxy.md" >}}) (auth.proxy)
### login_cookie_name
The cookie name for storing the auth token, the default is `grafana_session`.
### oauth_state_cookie_max_age
How long the OAuth state cookie lives before being deleted. Default is `60` (seconds)
Administrators can increase this if they experience OAuth login state mismatch errors.
## [dataproxy] ## [dataproxy]
### logging ### logging
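Review bot: The new `login_cookie_name` entry does not say what happens to existing sessions when the name is changed, which is the behaviour the `Cookie path` upgrade note in this same commit relies on. Suggest adding a sentence stating that cookies set under the previous name are ignored, so users have to log in again. On style, "The cookie name for storing the auth token, the default is `grafana_session`." is a comma splice, and it phrases the default differently from "Default is `60` (seconds)" two lines below, which is also missing its full stop. Pick one phrasing for both entries.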
......
...@@ -252,3 +252,7 @@ A global minimum dashboard refresh interval is now enforced and defaults to 5 se ...@@ -252,3 +252,7 @@ A global minimum dashboard refresh interval is now enforced and defaults to 5 se
### Backend plugins ### Backend plugins
Grafana now requires backend plugins to be signed. If a backend plugin is not signed Grafana will not load/start it. This is an additional security measure to make sure backend plugin binaries and files haven't been tampered with. All Grafana Labs authored backend plugins, including Enterprise plugins, are now signed. It's possible to allow unsigned plugins using a configuration setting, but is something we strongly advise against doing. Read more [here]({{< relref "configuration/#allow-loading-unsigned-plugins" >}}) about this setting. Grafana now requires backend plugins to be signed. If a backend plugin is not signed Grafana will not load/start it. This is an additional security measure to make sure backend plugin binaries and files haven't been tampered with. All Grafana Labs authored backend plugins, including Enterprise plugins, are now signed. It's possible to allow unsigned plugins using a configuration setting, but is something we strongly advise against doing. Read more [here]({{< relref "configuration/#allow-loading-unsigned-plugins" >}}) about this setting.
### Cookie path
Starting from Grafana v7.0.0, the cookie path does not include the trailing slash if Grafana is served from a subpath in order to align with [RFC 6265](https://tools.ietf.org/html/rfc6265#section-5.1.4). However, stale session cookies (set before the upgrade) can result in unsuccessful logins because they can not be deleted during the standard login phase due to the changed cookie path. Therefore users experiencing login problems are advised to manually delete old session cookies, or administrators can fix this for all users by changing the [`login_cookie_name`]({{< relref "configuration/#login-cookie-name" >}}), so the old cookie would get ignored.
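Review bot: The administrator workaround at the end of the `Cookie path` paragraph does not mention its side effect. Changing `login_cookie_name` makes Grafana ignore every session cookie issued under the old name, not only the stale ones, so all users are logged out once; say so, so administrators can plan the change. The paragraph also never shows what the path looked like before and after, and a short example of a subpath with and without the trailing slash would make it clear why the old cookie cannot be deleted at login. Minor: "can not" should be "cannot".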