Item1865: username= and password= no longer work for REST handlers
Current State: Closed
Released In: 1.1.0
Target Release: minor
Applies To: Engine
The headlined problem was the first in a whole sequence affecting 1.0.x and 1.1
Context: I have an application that runs either from the command line, or from a Foswiki page. This is a Foswiki application, which performs REST calls to a second server. The application knows a username and password on the second server, so can pass username= and password= over for the first REST call. Subsequent calls rely on there being a session established by the first call.
First problem is that username= and password= no longer authenticate you to a REST handler. The reason is that the request is rejected by the REST code ever gets called, in the depths of the Users code.
Second problem is that the rest handlers don't respond with a standard page, and while the status code is set correctly, the cookies are not. So subsequent requests don;t have the session cookie, and are 302ed.
Third problem is that there's no way to validate, so I have no choice but to turn off strikeone on the remote server.
- 30 Jul 2009
All the above problems have been resolved.
- 05 Aug 2009