Details
Bug
Resolution: Invalid
Critical
dev-master
None
Pollux Core S5
Description
When attempting to create a new session using POST /user/sessions, the request will fail if an old/stale/invalid session cookie already exists.
curl 'http://ezpublish-community.local/api/ezp/v2/user/sessions' \
  -H 'Content-Type: application/vnd.ez.api.SessionInput+json' \
  -H 'Accept: application/vnd.ez.api.Session+json' \
  --data-binary '{"SessionInput":{"login":"admin","password":"publish"}}' \
  --cookie "eZSESSID=_invalid_"
The result is HTTP 401: Unauthorized, with the following JSON response:
{
  "ErrorMessage": {
    "_media-type": "application\/vnd.ez.api.ErrorMessage+json",
    "errorCode": 401,
    "errorMessage": "Unauthorized",
    "errorDescription": "User does not have access to '' 'Missing or invalid CSRF token'",
    "trace": "#0 [internal function]: eZ\\Publish\\Core\\REST\\Server\\Controller\\User->createSession()\n#1 \/var\/www\/ezpublish-community\/ezpublish\/bootstrap.php.cache(3020): call_user_func_array(Array, Array)\n#2 \/var\/www\/ezpublish-community\/ezpublish\/bootstrap.php.cache(2982): Symfony\\Component\\HttpKernel\\HttpKernel->handleRaw(Object(Symfony\\Component\\HttpFoundation\\Request), 1)\n#3 \/var\/www\/ezpublish-community\/ezpublish\/bootstrap.php.cache(3131): Symfony\\Component\\HttpKernel\\HttpKernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#4 \/var\/www\/ezpublish-community\/ezpublish\/bootstrap.php.cache(2376): Symfony\\Component\\HttpKernel\\DependencyInjection\\ContainerAwareHttpKernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#5 \/var\/www\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpCache\/HttpCache.php(490): Symfony\\Component\\HttpKernel\\Kernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#6 \/var\/www\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Bundle\/FrameworkBundle\/HttpCache\/HttpCache.php(60): Symfony\\Component\\HttpKernel\\HttpCache\\HttpCache->forward(Object(Symfony\\Component\\HttpFoundation\\Request), true, NULL)\n#7 \/var\/www\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpCache\/HttpCache.php(261): Symfony\\Bundle\\FrameworkBundle\\HttpCache\\HttpCache->forward(Object(Symfony\\Component\\HttpFoundation\\Request), true)\n#8 \/var\/www\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpCache\/HttpCache.php(278): Symfony\\Component\\HttpKernel\\HttpCache\\HttpCache->pass(Object(Symfony\\Component\\HttpFoundation\\Request), true)\n#9 \/var\/www\/ezpublish-community\/vendor\/ezsystems\/ezpublish-kernel\/eZ\/Bundle\/EzPublishCoreBundle\/HttpCache.php(42): Symfony\\Component\\HttpKernel\\HttpCache\\HttpCache->invalidate(Object(Symfony\\Component\\HttpFoundation\\Request), true)\n#10 \/var\/www\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpCache\/HttpCache.php(207): eZ\\Bundle\\EzPublishCoreBundle\\HttpCache->invalidate(Object(Symfony\\Component\\HttpFoundation\\Request), true)\n#11 \/var\/www\/ezpublish-community\/vendor\/friendsofsymfony\/http-cache-bundle\/HttpCache.php(82): Symfony\\Component\\HttpKernel\\HttpCache\\HttpCache->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#12 \/var\/www\/ezpublish-community\/web\/index.php(81): FOS\\HttpCacheBundle\\HttpCache->handle(Object(Symfony\\Component\\HttpFoundation\\Request))\n#13 {main}",
    "file": "\/var\/www\/ezpublish-community\/vendor\/ezsystems\/ezpublish-kernel\/eZ\/Publish\/Core\/REST\/Server\/Controller\/User.php",
    "line": 997
  }
}
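Added example, not part of the original report or of the eZ Publish code base: a client-side sketch that recognises the 401 "Missing or invalid CSRF token" ErrorMessage shown above and retries the session creation once without the stale eZSESSID cookie. The `send` transport callable, the `fake_server` stand-in and its 201 success body are assumptions constructed for the example; it also assumes the request succeeds once the stale cookie is no longer sent.

```python
import json

SESSION_COOKIE = "eZSESSID"  # cookie name taken from the curl command in the report
SESSION_INPUT = "application/vnd.ez.api.SessionInput+json"
SESSION_OUTPUT = "application/vnd.ez.api.Session+json"


def is_csrf_rejection(status, body):
    """True when the response is the 401 ErrorMessage with the CSRF text from the report."""
    if status != 401:
        return False
    try:
        err = json.loads(body)["ErrorMessage"]
        return err["errorCode"] == 401 and "CSRF token" in err["errorDescription"]
    except (ValueError, KeyError, TypeError):
        return False


def create_session(send, login, password, cookies):
    """POST /user/sessions; on the CSRF rejection, retry once without the session cookie.

    `send(headers, body, cookies) -> (status, body_text)` is a hypothetical transport
    callable supplied by the caller (for instance a thin wrapper around an HTTP client).
    Returns (status, body_text, attempts).
    """
    headers = {"Content-Type": SESSION_INPUT, "Accept": SESSION_OUTPUT}
    payload = json.dumps({"SessionInput": {"login": login, "password": password}})
    status, body = send(headers, payload, dict(cookies))
    if SESSION_COOKIE in cookies and is_csrf_rejection(status, body):
        fresh = {k: v for k, v in cookies.items() if k != SESSION_COOKIE}
        status, body = send(headers, payload, fresh)
        return status, body, 2
    return status, body, 1


def fake_server(headers, body, cookies):
    """Constructed stand-in that reproduces only the behaviour described in the report."""
    if SESSION_COOKIE in cookies:
        return 401, json.dumps({"ErrorMessage": {
            "errorCode": 401, "errorMessage": "Unauthorized",
            "errorDescription": "User does not have access to '' 'Missing or invalid CSRF token'"}})
    return 201, json.dumps({"Session": {"name": SESSION_COOKIE}})  # constructed success body
```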