Hi Sameera,

I ran the cURL command to sort asset types with an incorrect sessionID [1] to figure out what status code is displayed when a wrong session ID is passed. The status code 200 OK was returned even though the session ID is wrong. Shouldn't it return an error status code such as 403 Forbidden?

[1]
MariH:bin Admin16$ curl -k -X GET "https://localhost:9443/publisher/apis/assets?type=gadget&sort=+overview_name" -b 'JSESSIONID=E103647A8FDA32E5ABD' -v

[2]
* About to connect() to localhost port 9443 (#0)
* Trying ::1...
* Connection refused
* Trying 127.0.0.1...
* connected
* Connected to localhost (127.0.0.1) port 9443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using EDH-RSA-DES-CBC3-SHA
* Server certificate:
* subject: C=US; ST=CA; L=Mountain View; O=WSO2; CN=localhost
* start date: 2010-02-19 07:02:26 GMT
* expire date: 2035-02-13 07:02:26 GMT
* common name: localhost (matched)
* issuer: C=US; ST=CA; L=Mountain View; O=WSO2; CN=localhost
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /publisher/apis/assets?type=gadget&sort=+overview_name HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8| zlib/1.2.5
> Host: localhost:9443
> Accept: */*
> Cookie: JSESSIONID=E103647A8FDA32E5ABD
>
< HTTP/1.1 200 OK
< Set-Cookie: JSESSIONID=C4F728A9862483C847A44A68B40EC04C; Path=/publisher/; Secure; HttpOnly
< Content-Type: text/html
< Content-Length: 32
< Date: Mon, 22 Jun 2015 06:04:05 GMT
< Server: WSO2 Carbon Server
<
* Connection #0 to host localhost left intact
{ error:"Authentication error" }* Closing connection #0
* SSLv3, TLS alert, Client hello (1):

Regards,
Mariangela

*Mariangela Hills*
Senior Technical Writer - WSO2, Inc.
http://wso2.com
Committer and PMC member - Apache Stratos
email:[email protected] | mobile: +94 773 500185
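Added example (not part of the original message and not WSO2 code): a small check that parses the response half of a `curl -v` transcript like the one above and flags an authentication failure delivered with a 2xx status, the condition a status-code-based client or monitor would miss. The function names and the sample constant are assumptions made for this illustration; the sample is constructed from the response lines quoted in the message.

```python
import re

# Constructed sample: the response lines from the curl -v output quoted above.
TRANSCRIPT = """\
< HTTP/1.1 200 OK
< Set-Cookie: JSESSIONID=C4F728A9862483C847A44A68B40EC04C; Path=/publisher/; Secure; HttpOnly
< Content-Type: text/html
< Content-Length: 32
< Date: Mon, 22 Jun 2015 06:04:05 GMT
< Server: WSO2 Carbon Server
<
* Connection #0 to host localhost left intact
{ error:"Authentication error" }* Closing connection #0
"""

def parse_response(transcript):
    """Split curl -v output into (status, headers, body)."""
    status, headers, body = None, {}, []
    for line in transcript.splitlines():
        if line.startswith("<"):                  # response status line or header
            text = line[1:].strip()
            m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", text)
            if m:
                status = int(m.group(1))
            elif ":" in text:
                name, value = text.split(":", 1)
                headers[name.strip().lower()] = value.strip()
        elif not line.startswith(("*", ">")):     # body line
            # curl glues its "* ..." info message onto a body with no newline
            body.append(re.sub(r"\* (Closing connection|Connection) #\d+.*$", "", line))
    return status, headers, "\n".join(body).strip()

def audit(transcript):
    """Return a list of mismatches between status line, headers and body."""
    status, headers, body = parse_response(transcript)
    findings = []
    auth_error = re.search(r"authentication error", body, re.I) is not None
    if auth_error and status is not None and 200 <= status < 300:
        findings.append("auth failure reported with %d instead of a 4xx status" % status)
    ctype = headers.get("content-type", "unknown")
    if body.startswith("{") and "json" not in ctype:
        findings.append("JSON-like body served as " + ctype)
    return findings

if __name__ == "__main__":
    for finding in audit(TRANSCRIPT):
        print(finding)
```
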
