Hi Sameera,

I ran the cURL command to sort asset types with an incorrect session ID [1]
to figure out what status code is displayed when a wrong session ID is
passed. The status code 200 OK was returned even though the session ID is
wrong. Shouldn't it return an error status code such as 403 Forbidden?


[1]
MariH:bin Admin16$ curl -k -X GET "https://localhost:9443/publisher/apis/assets?type=gadget&sort=+overview_name" -b 'JSESSIONID=E103647A8FDA32E5ABD' -v


[2]
* About to connect() to localhost port 9443 (#0)
*   Trying ::1...
* Connection refused
*   Trying 127.0.0.1...
* connected
* Connected to localhost (127.0.0.1) port 9443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using EDH-RSA-DES-CBC3-SHA
* Server certificate:
*  subject: C=US; ST=CA; L=Mountain View; O=WSO2; CN=localhost
*  start date: 2010-02-19 07:02:26 GMT
*  expire date: 2035-02-13 07:02:26 GMT
*  common name: localhost (matched)
*  issuer: C=US; ST=CA; L=Mountain View; O=WSO2; CN=localhost
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /publisher/apis/assets?type=gadget&sort=+overview_name HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8| zlib/1.2.5
> Host: localhost:9443
> Accept: */*
> Cookie: JSESSIONID=E103647A8FDA32E5ABD
>
< HTTP/1.1 200 OK
< Set-Cookie: JSESSIONID=C4F728A9862483C847A44A68B40EC04C; Path=/publisher/; Secure; HttpOnly
< Content-Type: text/html
< Content-Length: 32
< Date: Mon, 22 Jun 2015 06:04:05 GMT
< Server: WSO2 Carbon Server
<
* Connection #0 to host localhost left intact
{ error:"Authentication error" }* Closing connection #0
* SSLv3, TLS alert, Client hello (1):



Regards,
Mariangela


*Mariangela Hills*
Senior Technical Writer - WSO2, Inc. http://wso2.com
Committer and PMC member - Apache Stratos
email:[email protected] | mobile: +94 773 500185
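
A check for the mismatch reported above, as an added example that is not part of the original message: it reads a raw HTTP response (as `curl -s -i` writes it) and flags a 2xx status whose body carries the authentication error string. The function names, the pattern variable and the constructed sample response are assumptions for illustration.

```shell
#!/bin/sh
# Added example: flag a response that says "success" in the status line
# while the body reports an authentication failure.

# Assumption: the body marker is the string seen in the response above.
AUTH_ERROR_PATTERN='authentication error'

# Constructed sample modeled on the response in the message above.
sample_response() {
  printf '%s\r\n' \
    'HTTP/1.1 200 OK' \
    'Set-Cookie: JSESSIONID=C4F728A9862483C847A44A68B40EC04C; Path=/publisher/; Secure; HttpOnly' \
    'Content-Type: text/html' \
    'Content-Length: 32' \
    ''
  printf '%s' '{ error:"Authentication error" }'
}

# Reads a raw HTTP response on stdin. Exit status:
#   0 = finding (2xx status, auth error in body)
#   1 = no finding, 2 = no status line found.
# The body runs in a subshell, so variables stay local and `exit` only
# ends the function.
auth_status_mismatch() (
  cr=$(printf '\r'); status=""; in_body=0; body=""
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%"$cr"}                       # tolerate CRLF line endings
    if [ "$in_body" -eq 0 ]; then
      case "$line" in
        HTTP/*) status=${line#* }; status=${status%% *} ;;
        "")     case "$status" in 1??) ;; *) in_body=1 ;; esac ;;  # skip 1xx interim responses
      esac
    else
      body="$body$line"
    fi
  done
  [ -n "$status" ] || exit 2
  case "$status" in 2??) ;; *) exit 1 ;; esac
  if printf '%s' "$body" | grep -qi -- "$AUTH_ERROR_PATTERN"; then
    echo "finding: HTTP $status returned with an authentication error in the body"
    exit 0
  fi
  exit 1
)

sample_response | auth_status_mismatch
```

Against a live server the same function can be fed with `curl -s -i -k ... | auth_status_mismatch`.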