API Authentication #652

eyedol · 2012-07-01T23:01:33Z

The API auth uses the same web auth. This opens up for CSRF exploitation. A quick fix is to reset the $_SESSION variable when there is an API request that requires authentication.

rjmackay · 2012-07-04T21:35:54Z

Quick fix for this queued for 2.5

* API requests are stateless so should ignore sessions * API requests should authenticate on EVERY request

rjmackay added a commit to rjmackay/Ushahidi_Web that referenced this issue Jul 5, 2012

Stop API requests being authenticated by users session ushahidi#652

6e7aaa8

* API requests are stateless so should ignore sessions * API requests should authenticate on EVERY request

rjmackay added a commit to rjmackay/Ushahidi_Web that referenced this issue Jul 5, 2012

Stop API requests being authenticated by users session ushahidi#652

8375c57

* API requests are stateless so should ignore sessions * API requests should authenticate on EVERY request

rjmackay closed this as completed Jul 5, 2012

rjmackay mentioned this issue Aug 13, 2012

Stop killing user session in API requests #791

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

API Authentication #652

API Authentication #652

eyedol commented Jul 1, 2012

rjmackay commented Jul 4, 2012

API Authentication #652

API Authentication #652

Comments

eyedol commented Jul 1, 2012

rjmackay commented Jul 4, 2012