Persistent Login to Pi-Hole Admin Page


#1

Need to login every time we visit the admin page.

Can we have cookie-persistent sessions so that we don’t have to login every time (if we want to have it that way)?


#2

You can turn off the password with pihole -a -p, if that would give the functionality you want.


#3

I’ll toss in a vote. Disabling the password is a good start, but there is potential to use Pi-Hole as a safe content filter for homes with children or possibly on work networks where you don’t want the whole office to have access. In those situations it may be more convenient for the network administrator to stay logged in only on certain devices.

But I will say this is a minor inconvenience at best if you have a decent password manager that will autofill for you.


#4

Once you log in, we set a session cookie, valid for 24 minutes. When you navigate around, the cookie will be refreshed every time.
Tip: When you leave the dashboard itself open, then your session will never expire as the constant updates of the diagrams will always refresh your session cookie.

I don’t recall if we set the 24 minutes timeout anywhere explicitly (I don’t think so), but this may be helpful (external resource):


#5

Thanks… using docker I keep forgetting you can do these things… but yeah, might have to do it during docker creation

Which I do and thus like to have that option

Ok good to know… whenever I close and reopen the browser I have to login… like any other site, would have liked persistent login (if the user chooses to do so knowing the risks)

:slight_smile: :pray:


#6

I think Its has suggested a helpful feature, and I’ve put through a pull request implementing it.

At any normal login, it allows the user the option to set a cookie. (Default behaviour remains unchanged). Once the cookie is set, it is checked for before the login screen, and if present and valid, logs the user in automatically.

Clicking logout clears the cookie, so the password will need to be entered again to login in future. The password itself is not stored unhashed.

At the moment the expiry is set for 7 days, which seems a reasonable sort of medium between entering the login password again after 24 minutes and disabling passwords entirely. Although it might be handy to allow the user to select the duration until cookie expiry as an option in the configuration, I was aiming for a minimal sort of modification here.


#7

One more Q: Is it particularly insecure to have the pihole-admin-password disabled?
I mean, looking from the internet.
(leaving physical in-home access aside of view)
thanks-


#8

Even with a password it’s not a good idea to have your Pi-hole web interface accessible from the internet. An attacker could change your DNS settings to point to their own server.

Both the Pi-hole’s web interface and its DNS server should really only be accessible from your own network.


#9

Please change the name of the checkbox to something like persistentlogin or similar for the sake of clarity in password.php. Also, remove the comment “(sets cookie)” as this doesn’t add much value here (normal logins also require cookies) and might confuse less tech savvy users. I’m not sure if it’ll be a good idea to store the pwhash in clear text in the user’s browsers, not sure if any other websites could try to steal it. Once you made the changes, I’ll try to code a webpage that steals this cookie when security auditing your contribution.


#10

Done.

(Also fixed the mangled email address).

It would be possible to add an additional hash before storing the cookie, and rehashing the stored one against it on load, but I don’t believe it would add any real benefit to do so.
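The persistent-login cookie described in #6, together with the concern in #9 and #10 about placing the password hash in the browser, is illustrated below with an added example that is not Pi-hole’s own password.php. It stores a random token in the cookie instead of the pwhash, keeps only a hash of that token on the server so a stolen cookie reveals nothing about the password, and lets logout revoke it server-side; the JSON token store path is an assumption.

```php
<?php
// Added illustration, not Pi-hole code: a "remember me" cookie that carries a
// random token rather than the password hash. The server keeps only a SHA-256
// of the token, so a leaked cookie cannot be replayed after logout and never
// exposes the password hash. Token store path below is assumed.

const REMEMBER_COOKIE = 'persistentlogin';
const REMEMBER_TTL    = 7 * 24 * 3600;               // 7 days, as in the thread
const TOKEN_STORE     = '/tmp/remember_tokens.json'; // assumed location

function load_tokens(): array {
    if (!is_file(TOKEN_STORE)) return [];
    return json_decode(file_get_contents(TOKEN_STORE), true) ?: [];
}
function save_tokens(array $tokens): void {
    file_put_contents(TOKEN_STORE, json_encode($tokens), LOCK_EX);
}

// Called after a successful password login when the user ticked the box.
function issue_remember_cookie(): void {
    $token  = bin2hex(random_bytes(32));                    // 256-bit secret for the browser
    $tokens = load_tokens();
    $tokens[hash('sha256', $token)] = time() + REMEMBER_TTL; // server stores only the hash
    save_tokens($tokens);
    setcookie(REMEMBER_COOKIE, $token, [
        'expires'  => time() + REMEMBER_TTL,
        'path'     => '/admin/',
        'secure'   => isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'httponly' => true,      // not readable by page scripts, limits cookie theft via XSS
        'samesite' => 'Strict',  // not sent on cross-site requests
    ]);
}

// Called before showing the login form; true means log the user in silently.
function check_remember_cookie(): bool {
    $token = $_COOKIE[REMEMBER_COOKIE] ?? '';
    if (!preg_match('/^[0-9a-f]{64}$/', $token)) return false; // reject malformed values
    $tokens = load_tokens();
    $key = hash('sha256', $token);
    return isset($tokens[$key]) && $tokens[$key] >= time();     // unknown or expired -> false
}

// Called on logout: revoke the server-side record, then clear the browser cookie.
function revoke_remember_cookie(): void {
    $token = $_COOKIE[REMEMBER_COOKIE] ?? '';
    if ($token !== '') {
        $tokens = load_tokens();
        unset($tokens[hash('sha256', $token)]);
        save_tokens($tokens);
    }
    setcookie(REMEMBER_COOKIE, '', ['expires' => time() - 3600, 'path' => '/admin/']);
}
```

Expired entries in the store can be pruned whenever it is loaded, and changing the admin password should clear the whole store so older cookies stop working.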


#11

@robgill,
thanks for the reply, little misunderstanding, I have no access from outside.
I meant only in case of any form of hacking from outside, as I cannot consider the
security risk.
Is it unadvisable to disable the password?
There is nobody else in the network itself.

Edit: Thank you!


#12

@piusr

If your pi-hole is only accessible from your own network, then realistically the risk caused by disabling your password entirely is fairly low, but it is not zero.

Here are a few things for you to weigh up and decide based on your own requirements.

To change the settings, someone would already need access to your network. But, if someone had somehow gained some level of access to your network, then being able to modify your DNS settings could conceivably be used by them to redirect your network traffic to the server of their choice.

The best-case outcome of this happening would maybe be a Denial of Service, but more dangerous possibilities are that they could capture sensitive data and even escalate the level of access and control they have over your network.

This is not a problem faced only by the Pi-hole. The fact is that the same is true of devices such as wireless routers or some cable-modems with disabled passwords, or with their default passwords still enabled.

Ultimately, passwords, cookie authentication and the like are not a guarantee that this will not happen in the face of a determined attacker. But they all work together to minimize the risk.