Details
- Bug
- Resolution: Fixed
- High
- 5.3-dev, 2014.03
- None
Description
As written in the REST spec, the DELETE request on the user session resource should send the HTTP header so that the session cookie is removed from the user agent, but that's not the case currently:
$ curl -i -X DELETE http://ezpublish5.loc/api/ezp/v2/user/sessions/nchcbmtib8n61bj4h1tfnldg44 -H "X-Csrf-Token: 5ceb02c8ac5e2fa7477cc8ac8a3299748f416625" -H "Cookie: eZSESSID=nchcbmtib8n61bj4h1tfnldg44"
HTTP/1.1 204 No Content
Date: Fri, 25 Apr 2014 21:10:29 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4
Set-Cookie: eZSESSID=vjr2g2mto9e9vha2iv113uq174; path=/
Set-Cookie: eZSESSID=vjr2g2mto9e9vha2iv113uq174; path=/
Cache-Control: no-cache
X-Debug-Token: 0f3491
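
A regression check for the behaviour described above, as an added example that is not part of the original report or the project's code. It parses the Set-Cookie headers of a logout response and reports whether the session cookie is actually expired; the function names, the pass criterion (every Set-Cookie for the session cookie must expire it) and the second sample response are assumptions made for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def cookies_set(raw_response, name):
    """Return the attribute dict of every Set-Cookie header that sets `name`."""
    found = []
    for line in raw_response.splitlines():
        header, sep, rest = line.partition(":")
        if not sep or header.strip().lower() != "set-cookie":
            continue
        pair, *attr_parts = [p.strip() for p in rest.split(";")]
        if pair.partition("=")[0].strip() != name:
            continue
        attrs = {}
        for part in attr_parts:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
        found.append(attrs)
    return found

def expires_cookie(attrs, now):
    """True if the attributes tell the user agent to drop the cookie."""
    if "max-age" in attrs:  # Max-Age takes precedence over Expires (RFC 6265)
        try:
            return int(attrs["max-age"]) <= 0
        except ValueError:
            return False  # simplification: unparsable Max-Age counts as a failure
    if "expires" in attrs:
        try:
            when = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return False
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        return when < now
    return False  # no expiry attribute: a live session cookie is being issued

def logout_clears_cookie(raw_response, name="eZSESSID", now=None):
    """Assumed pass criterion: at least one Set-Cookie for `name`, all expiring it."""
    now = now or datetime.now(timezone.utc)
    cookies = cookies_set(raw_response, name)
    return bool(cookies) and all(expires_cookie(a, now) for a in cookies)

# Headers taken from the response reported on this page (the failing case).
REPORTED = ("HTTP/1.1 204 No Content\nDate: Fri, 25 Apr 2014 21:10:29 GMT\n"
            "Set-Cookie: eZSESSID=vjr2g2mto9e9vha2iv113uq174; path=/\n"
            "Set-Cookie: eZSESSID=vjr2g2mto9e9vha2iv113uq174; path=/\n")
# Constructed sample: one way a response could expire the cookie.
CONSTRUCTED_FIXED = ("HTTP/1.1 204 No Content\nSet-Cookie: eZSESSID=deleted; "
                     "expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/\n")
```

Run against the reported headers, logout_clears_cookie returns False because both Set-Cookie lines issue a fresh eZSESSID value with no expiry attribute.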