Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-22751

DELETE /user/sessions/<id> does not remove the session cookie

    XMLWordPrintable

Details

    Description

      As written in the REST spec, the DELETE request on the user session resource should send the HTTP header so that the session cookie is removed from the user agent but that's not the case currently:

      $ curl -i -X DELETE http://ezpublish5.loc/api/ezp/v2/user/sessions/nchcbmtib8n61bj4h1tfnldg44 -H "X-Csrf-Token: 5ceb02c8ac5e2fa7477cc8ac8a3299748f416625" -H "Cookie: eZSESSID=nchcbmtib8n61bj4h1tfnldg44"

HTTP/1.1 204 No Content
Date: Fri, 25 Apr 2014 21:10:29 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4
Set-Cookie: eZSESSID=vjr2g2mto9e9vha2iv113uq174; path=/
Set-Cookie: eZSESSID=vjr2g2mto9e9vha2iv113uq174; path=/
Cache-Control: no-cache
X-Debug-Token: 0f3491

      Attachments

        Activity

          People

            Unassigned Unassigned
            damien.pobel-obsolete@ez.no Damien Pobel (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 hours
                2h