Bug #9973

Session cookie is defined twice in HTTP API

Added by Jesús García Crespo about 4 years ago. Updated about 3 years ago.

Status: Invalid
Start date: 06/08/2016
Priority: Medium
Due date:
Assignee: Jesús García Crespo
% Done: 0%
Category: Web service API
Target version: Release 2.4.0
Google Code Legacy ID:
Tested version: 2.3
Sponsored: No
Requires documentation:

Description

For example:

http http://127.0.0.1:32771/api/informationobjects/1302797428 REST-API-Key:yourapikeyhere

Produces:

HTTP/1.1 200 OK
Cache-Control: private
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Wed, 08 Jun 2016 23:50:37 GMT
Server: nginx/1.9.14
Set-Cookie: symfony=valuecookie1:valuecookie2; expires=Fri, 08-Jul-2016 23:50:37 GMT; Max-Age=2592000; path=/; HttpOnly
Transfer-Encoding: chunked
X-Powered-By: PHP/7.0.7

{
    "digital_object": {
        "uploaded_at": "June 8, 2016 2:48 PM", 
    }, 
    "publication_status": "Published", 
    "reference_code": "P-1094991174", 
    "scope_and_content": "686363781", 
    "title": "1302797428" 
}

I suspect that the token filter (https://github.com/artefactual/atom/blob/qa/2.4.x/plugins/arRestApiPlugin/lib/arRestApiPluginTokenAuthFilter.class.php#L56) needs to throw away the factory session. Perhaps we need to change the way that we do authentication so it plays better with the existing factory (myUser).

History

#1 Updated by Jesús García Crespo almost 4 years ago

  • Target version changed from Release 2.4.0 to Release 2.3.0

#2 Updated by Jesús García Crespo almost 4 years ago

  • Related to Bug #10135: Restore API basic HTTP authentication added

#3 Updated by Jesús García Crespo almost 4 years ago

  • Related to deleted (Bug #10135: Restore API basic HTTP authentication)

#4 Updated by Jesús García Crespo almost 4 years ago

  • Target version changed from Release 2.3.0 to Release 2.4.0

#5 Updated by Nick Wilkinson about 3 years ago

  • Assignee set to José Raddaoui Marín

#6 Updated by Nick Wilkinson about 3 years ago

  • Priority changed from High to Medium

#7 Updated by José Raddaoui Marín about 3 years ago

  • Status changed from New to Invalid
  • Assignee changed from José Raddaoui Marín to Jesús García Crespo

I think this is no longer an issue, Postman says "No cookie for you" :(

Authentication has been moved to https://github.com/artefactual/atom/blob/qa/2.4.x/plugins/arRestApiPlugin/lib/QubitApiAction.class.php since this ticket was created.
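A regression check for the behaviour this ticket describes, as an added example that is not part of the ticket or the project's code: it audits the raw headers of a response to a key-authenticated API request and reports any cookie being set, plus any cookie name set more than once. The function names and both sample header blocks are constructed for illustration, and it assumes the duplicate shows up as two separate Set-Cookie lines.

```python
from collections import Counter

# Constructed sample: headers modelled on the response in the ticket, with the
# session cookie emitted twice (values are placeholders, not real sessions).
SAMPLE_DUPLICATE = """\
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Set-Cookie: symfony=valuecookie1; path=/; HttpOnly
Set-Cookie: symfony=valuecookie2; expires=Fri, 08-Jul-2016 23:50:37 GMT; Max-Age=2592000; path=/; HttpOnly
X-Powered-By: PHP/7.0.7
"""

# Constructed sample: a key-authenticated response that sets no cookie at all.
SAMPLE_CLEAN = """\
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
"""


def set_cookie_names(raw_headers):
    """Return the cookie name from every Set-Cookie line, in order."""
    names = []
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            # The name=value pair is everything before the first ';'.
            pair = value.split(";", 1)[0]
            names.append(pair.partition("=")[0].strip())
    return names


def audit_api_response(raw_headers):
    """Findings for a response to a request authenticated only by API key."""
    counts = Counter(set_cookie_names(raw_headers))
    findings = []
    for name, n in sorted(counts.items()):
        findings.append(f"cookie-set-on-api-response:{name}")
        if n > 1:
            findings.append(f"duplicate-set-cookie:{name} (x{n})")
    return findings


if __name__ == "__main__":
    for label, sample in (("duplicate", SAMPLE_DUPLICATE), ("clean", SAMPLE_CLEAN)):
        print(label, audit_api_response(sample) or "no cookies set")
```
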
