WebService should not return session cookie
WebService should not return session cookie
Description
When testing FusionDirectory webservices with Postman, I get some strange issues and I found it was because webservice is setting a cookie. When a client call login method with a cookie from a previous login method, there is no new session created.
FusionDirectory Version
1.2
Plugin with the defect
WebService
Steps to Reproduce
Curl debug:
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 80 (#0)
> POST /fusiondirectory/jsonrpc.php HTTP/1.1
> Host: localhost
> User-Agent: curl/7.55.1
> Accept: */*
> Cache-Control: no-cache
> content-type: application/json
> Content-Length: 74
>
* upload completely sent off: 74 out of 74 bytes
< HTTP/1.1 200 OK
< Date: Mon, 12 Mar 2018 17:56:29 GMT
< Server: Apache/2.4.27 (Ubuntu)
< Set-Cookie: FusionDirectory=lu1eb08gqt5h0l4gj9j8if2qak; path=/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Set-Cookie: FusionDirectory=s3h0aj27llsqppueqnucqhvfud; path=/
< Vary: Accept-Encoding
< Content-Length: 563
< Content-Type: text/html; charset=UTF-8Expected behavior:
There should not be Set-Cookie in the response.
Actual behavior:
Cookie is set.
Reproduces how often:
Always
Additional Information
It is possible with PHP to not send cookies when using sessions:
ini_set("session.use_cookies",0);
ini_set("session.use_only_cookies",1);Activity
added PJ1802-0188 label
changed milestone to %FusionDirectory 1.3
created branch
5810-webservice-should-not-return-session-cookiementioned in commit 180a0707
added To Be Tested label
@coudot Hello, you had time to try it again ? Or it's possible to have the curl commands you used to have the log ?
Cheers.
removed To Be Tested label
added Fixed label
added fixes label
added fixes-merged and removed fixes labels
changed milestone to %FusionDirectory 1.2.2
