Bug #9973
Session cookie is defined twice in HTTP API
| Status: | Invalid | Start date: | 06/08/2016 | |
|---|---|---|---|---|
| Priority: | Medium | Due date: | ||
| Assignee: | Jesús García Crespo | % Done: | 0% | |
| Category: | Web service API | |||
| Target version: | Release 2.4.0 | |||
| Google Code Legacy ID: | Tested version: | 2.3 | ||
| Sponsored: | No | Requires documentation: |
Description
For example:
http http://127.0.0.1:32771/api/informationobjects/1302797428 REST-API-Key:yourapikeyhere
Produces:
HTTP/1.1 200 OK
Cache-Control: private
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Wed, 08 Jun 2016 23:50:37 GMT
Server: nginx/1.9.14
Set-Cookie: symfony=valuecookie1:valuecookie2; expires=Fri, 08-Jul-2016 23:50:37 GMT; Max-Age=2592000; path=/; HttpOnly
Transfer-Encoding: chunked
X-Powered-By: PHP/7.0.7
{
"digital_object": {
"uploaded_at": "June 8, 2016 2:48 PM",
},
"publication_status": "Published",
"reference_code": "P-1094991174",
"scope_and_content": "686363781",
"title": "1302797428"
}
I suspect that the token filter (https://github.com/artefactual/atom/blob/qa/2.4.x/plugins/arRestApiPlugin/lib/arRestApiPluginTokenAuthFilter.class.php#L56) needs to throw away the factory session. Perhaps, we need to change the way that we do authentication so it plays better with the existing factory (myUser).
History
#1 Updated by Jesús García Crespo almost 6 years ago
- Target version changed from Release 2.4.0 to Release 2.3.0
#2 Updated by Jesús García Crespo almost 6 years ago
- Related to Bug #10135: Restore API basic HTTP authentication added
#3 Updated by Jesús García Crespo almost 6 years ago
- Related to deleted (Bug #10135: Restore API basic HTTP authentication)
#4 Updated by Jesús García Crespo almost 6 years ago
- Target version changed from Release 2.3.0 to Release 2.4.0
#5 Updated by Nick Wilkinson about 5 years ago
- Assignee set to José Raddaoui Marín
#6 Updated by Nick Wilkinson about 5 years ago
- Priority changed from High to Medium
#7 Updated by José Raddaoui Marín about 5 years ago
- Status changed from New to Invalid
- Assignee changed from José Raddaoui Marín to Jesús García Crespo
I think this is no longer an issue, Postman says "No cookie for you" :(
Authentication has been moved to https://github.com/artefactual/atom/blob/qa/2.4.x/plugins/arRestApiPlugin/lib/QubitApiAction.class.php since this ticket was created.