Page Comparison

When trouble-shooting security issues it's often useful to confirm who the user is and what, if any, additional information is associated with that user.

Previously this was possible (to a limited extent) by starting a client in debug mode and viewing the page source, which would contain information about the user in a comment at the bottom of the page, but . But as of Weave 2.6.5 there's also a link that will return all the available information about the user in a single response, that link is /weave/whoami, and if . If you open that page you will see a response that provides all of the details for the user.

If the user is not logged in the page should indicate that the user is an anonymous user but will still provide some additional details, like such as their IP address for example, but if . If the user is logged in it will show their username and roles along with the other details. This can be particularly useful to verify that the roles that are associated with a user are the same as the roles role names that are being used in an ACL, or that the IP address being returned for a user is actually the users IP address and not something else, for example , the IP address of a reverse proxy.