oVirt impersonation and sessions
by Anastasiya Ruzhanskaya
Hello everyone!
I wanted to find out how the impersonation technique used in oVirt works? I
know from libvirt developers, that oVirt opens one connection only for
multiple clients. How does this work?
Also I found out in source code that in ActionParameterBase class the
sessionId field is marked transient but, for example, for GWT rpc message,
which goes to the server and says what action will be made (shut down,
pause vm) this is the only field in all sent information which says what
the session is. Where is the session sent instead? There was also a field
with session id in https headers, but this was related to cookie so I am
not completely sure if this can help to identify the current user.