Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-21098

REST API assumes you are anonymous if the request contains an expired (or wrong) session id

    XMLWordPrintable

Details

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Medium Medium
    • None
    • Engineering tracked issues, 5.1, 5.2
    • Platform > REST API v2
    • None

    Description

      If a request to the REST API contains an expired or a wrong session id, the request is handled as if the user were anonymous. As a result, the REST client has no mean to detect that the session is using has expired.

      To me the correct behaviour would be to send a 4xx error.

      Attachments

        Activity

          People

            Unassigned Unassigned
            damien.pobel-obsolete@ez.no Damien Pobel (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: