Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 3294 by dam...@pernixdata.com: provide DELETE for http://reviews.example.com/api/session/
http://code.google.com/p/reviewboard/issues/detail?id=3294


What version are you running?
1.7.14

What's the URL of the page containing the problem?
DELETE http://reviews.example.com/api/session/

What steps will reproduce the problem?
1. use DELETE method for http://reviews.example.com/api/session/
2.
3.

What is the expected output? What do you see instead?
I get: 405 Method Not Allowed
this is the documented behavior - http://www.reviewboard.org/docs/manual/dev/webapi/2.0/authenticating/#logging-out
But since the defaults are persistent cookies backed by a database,
I would like to have a way to delete sessions; proper logout workflow for my use case.


What operating system are you using? What browser?
CentOS 6.5 / Chrome

Please provide any additional information below.
here is my workflow:
- login and get a cookie from a service accounts (e.g. jenkins)
- provide cookie to test job so they can get more information, e.g.
  - repository
  - diff
- destroy cookie so nobody else can make requests?

the problem is that if somebody gets a hold of the rbsessionid, they
can use it regardless of me doing best efforts to destroy the cookie.

--
You received this message because this project is configured to send all issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

--
You received this message because you are subscribed to the Google Groups 
"reviewboard-issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard-issues+unsubscr...@googlegroups.com.
To post to this group, send email to reviewboard-issues@googlegroups.com.
Visit this group at http://groups.google.com/group/reviewboard-issues.
For more options, visit https://groups.google.com/d/optout.

Reply via email to