Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-22751

DELETE /user/sessions/<id> does not remove the session cookie

    XMLWordPrintable

    Details

      Description

      As written in the REST spec, the DELETE request on the user session resource should send the HTTP header so that the session cookie is removed from the user agent but that's not the case currently:

      $ curl -i -X DELETE http://ezpublish5.loc/api/ezp/v2/user/sessions/nchcbmtib8n61bj4h1tfnldg44 -H "X-Csrf-Token: 5ceb02c8ac5e2fa7477cc8ac8a3299748f416625" -H "Cookie: eZSESSID=nchcbmtib8n61bj4h1tfnldg44"
      
      HTTP/1.1 204 No Content
      Date: Fri, 25 Apr 2014 21:10:29 GMT
      Server: Apache/2.4.7 (Ubuntu)
      X-Powered-By: PHP/5.5.9-1ubuntu4
      Set-Cookie: eZSESSID=vjr2g2mto9e9vha2iv113uq174; path=/
      Set-Cookie: eZSESSID=vjr2g2mto9e9vha2iv113uq174; path=/
      Cache-Control: no-cache
      X-Debug-Token: 0f3491
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              damien.pobel-obsolete@ez.no Damien Pobel (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 hours
                  2h