Firefox
> Session ID:
> BAh7BiIKKmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo
> SGFzaHsABjoKQHVzZWR7AA==--5a5630c016ccd9482ce679e272d3d53adea86595
Perl
> Session ID: 6ef6e5b8289004d925517d48294f1cc1
Give the vast difference between these two Session IDs it makes me
wonder if that is related to you problem? Does this relate in any way to
"cross-site forgery protection?"
Julien Genestoux wrote:
> Hello,
>
> I am working on the API of our webservice. API users need to
> authenticate some of their calls...
> When I am performig the call through Firefox, everything is fine as
> shown in the log :
>
> Processing OwnershipsController#new (for 67.207.118.174 at 2008-09-26
> 16:20:03) [GET]
> Session ID:
> BAh7BiIKKmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo
> SGFzaHsABjoKQHVzZWR7AA==--5a5630c016ccd9482ce679e272d3d53adea86595
> Parameters: {"format"=>"xml", "action"=>"new",
> "controller"=>"sources/ownerships", "password"=>"MYPASS",
> "login"=>"MYUSER", "source_id"=>"1247"}
> Completed in 0.01454 (68 reqs/sec) | Rendering: 0.00705 (48%) | DB:
> 0.00378 (25%) | 200 OK
> [http://site.com/sources/1247/ownerships/new.xml?login=
> MYUSER&password=MYPASS]
>
> However, if I perform the exact same call from an external client
> wirtten in Perl, here is what I get n my log :
>
> Processing OwnershipsController#new (for 67.202.41.41 at 2008-09-26
> 16:19:39) [GET]
> Session ID: 6ef6e5b8289004d925517d48294f1cc1
> Parameters: {"format"=>"xml", "action"=>"new",
> "controller"=>"sources/ownerships", "password"=>"MYPASS",
> "login"=>"MYUSER", "source_id"=>"1247"}
> Filter chain halted as [:login_required] rendered_or_redirected.
> Completed in 0.00284 (351 reqs/sec) | Rendering: 0.00066 (23%) | DB:
> 0.00000 (0%) | 401 Unauthorized
> [http://site.com/sources/1247/ownerships/new.xml?login=MYUSER&password=MYPASS]
>
> As you can see the parameters are precisely the same and, in one case,
> the call is successful while in another case it's not!
>
> Do you guys have any idea on how to solve this?
>
> Thanks a lot!
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
