Bug #9973
Session cookie is defined twice in HTTP API
| Status: | Invalid | Start date: | 06/08/2016 |
|---|---|---|---|
| Priority: | Medium | Due date: | |
| Assignee: | Jesús García Crespo | % Done: | 0% |
| Category: | Web service API | | |
| Target version: | Release 2.4.0 | | |
| Google Code Legacy ID: | | Tested version: | 2.3 |
| Sponsored: | No | Requires documentation: | |
Description
For example:
    http http://127.0.0.1:32771/api/informationobjects/1302797428 REST-API-Key:yourapikeyhere

Produces:

    HTTP/1.1 200 OK
    Cache-Control: private
    Connection: keep-alive
    Content-Type: application/json; charset=utf-8
    Date: Wed, 08 Jun 2016 23:50:37 GMT
    Server: nginx/1.9.14
    Set-Cookie: symfony=valuecookie1:valuecookie2; expires=Fri, 08-Jul-2016 23:50:37 GMT; Max-Age=2592000; path=/; HttpOnly
    Transfer-Encoding: chunked
    X-Powered-By: PHP/7.0.7

    {
        "digital_object": {
            "uploaded_at": "June 8, 2016 2:48 PM",
        },
        "publication_status": "Published",
        "reference_code": "P-1094991174",
        "scope_and_content": "686363781",
        "title": "1302797428"
    }
I suspect that the token filter (https://github.com/artefactual/atom/blob/qa/2.4.x/plugins/arRestApiPlugin/lib/arRestApiPluginTokenAuthFilter.class.php#L56) needs to throw away the factory session. Perhaps, we need to change the way that we do authentication so it plays better with the existing factory (myUser).
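A regression check for the condition in this ticket's title, added here as an example and not taken from the AtoM code base: it reads a raw HTTP response head and reports every cookie name the response sets and any name set more than once. The function names and both sample responses are constructed for illustration.

```python
from collections import Counter

# Constructed sample (placeholder values): the same cookie name set twice,
# the condition named in the ticket title.
SAMPLE_DUPLICATE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json; charset=utf-8\r\n"
    "Set-Cookie: symfony=placeholder1; path=/; HttpOnly\r\n"
    "set-cookie: symfony=placeholder2; Max-Age=2592000; path=/; HttpOnly\r\n"
    "\r\n"
    '{"title": "example"}'
)
# Constructed sample: a response that sets no cookie at all.
SAMPLE_CLEAN = "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{}"


def set_cookie_names(raw_response):
    """Return the cookie name from every Set-Cookie header, in order."""
    names = []
    for line in raw_response.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block; the body is ignored
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            # The name is everything before the first "=" of the first pair.
            names.append(value.split(";", 1)[0].split("=", 1)[0].strip())
    return names


def audit_api_response(raw_response):
    """Report all cookies set and those set more than once."""
    counts = Counter(set_cookie_names(raw_response))
    return {
        "cookies": sorted(counts),
        "duplicates": sorted(n for n, c in counts.items() if c > 1),
    }


if __name__ == "__main__":
    for label, raw in (("duplicate", SAMPLE_DUPLICATE), ("clean", SAMPLE_CLEAN)):
        print(label, audit_api_response(raw))
```

Header names are matched case-insensitively, and parsing stops at the blank line so a `Set-Cookie` string inside the JSON body is not counted.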
History
#1 Updated by Jesús García Crespo almost 6 years ago
- Target version changed from Release 2.4.0 to Release 2.3.0
#2 Updated by Jesús García Crespo almost 6 years ago
- Related to Bug #10135: Restore API basic HTTP authentication added
#3 Updated by Jesús García Crespo almost 6 years ago
- Related to deleted (Bug #10135: Restore API basic HTTP authentication)
#4 Updated by Jesús García Crespo almost 6 years ago
- Target version changed from Release 2.3.0 to Release 2.4.0
#5 Updated by Nick Wilkinson about 5 years ago
- Assignee set to José Raddaoui Marín
#6 Updated by Nick Wilkinson about 5 years ago
- Priority changed from High to Medium
#7 Updated by José Raddaoui Marín about 5 years ago
- Status changed from New to Invalid
- Assignee changed from José Raddaoui Marín to Jesús García Crespo
I think this is no longer an issue, Postman says "No cookie for you" :(
Authentication has been moved to https://github.com/artefactual/atom/blob/qa/2.4.x/plugins/arRestApiPlugin/lib/QubitApiAction.class.php since this ticket was created.