[4.1.1] REST endpoint not getting logged in user.

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[4.1.1] REST endpoint not getting logged in user.

Nathan Keiter

I am logged in to our site (via HTTPS)

 

In the same browser, different tab, I am hitting my REST endpoint (via HTTP)

 

User is coming through as anonymous instead of me? ( initDataObject.getUser() )

 

The only thing I can think of is that one is HTTPS and one is HTTP, but the REST endpoint won’t work over HTTPS (different thread)

 

Why is my logged in user not getting picked up by the REST endpoint?

 

Nathan I. Keiter | Lead Network Applications Programmer | Benefits Advisory Council Member | I.D.E.A Council Member
Gettysburg College | Information Technology | DataSystems
Campus Box 2453 | 300 North Washington Street | Gettysburg, PA 17325
Phone: 717.337.6993

https://www.gettysburg.edu

 

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/464f591732794db08076cdadab53ab70%40exch13c.ms.gettysburg.edu.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [4.1.1] REST endpoint not getting logged in user.

Maarten Daalder
Hi Nathan,

This is either the secure flag on the session cookie (meaning the session cookie won't ever be transmitted over HTTP) or the browser seeing the HTTP and HTTPS endpoints as two different domains/origns, and thus not sending the session cookie from the HTTPS domain/origin to the HTTP domain/origin.

With kind regards,
Maarten Daalder
ISAAC

On Wednesday, 25 October 2017 22:09:50 UTC+2, Nathan Keiter wrote:

I am logged in to our site (via HTTPS)

 

In the same browser, different tab, I am hitting my REST endpoint (via HTTP)

 

User is coming through as anonymous instead of me? ( initDataObject.getUser() )

 

The only thing I can think of is that one is HTTPS and one is HTTP, but the REST endpoint won’t work over HTTPS (different thread)

 

Why is my logged in user not getting picked up by the REST endpoint?

 

Nathan I. Keiter | Lead Network Applications Programmer | Benefits Advisory Council Member | I.D.E.A Council Member
Gettysburg College | Information Technology | DataSystems
Campus Box 2453 | 300 North Washington Street | Gettysburg, PA 17325
Phone: 717.337.6993

<a href="https://www.gettysburg.edu/" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwww.gettysburg.edu%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNG7XlfToBr_IA0adrY4nu9tVtLS_w&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwww.gettysburg.edu%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNG7XlfToBr_IA0adrY4nu9tVtLS_w&#39;;return true;">https://www.gettysburg.edu

 

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/f423663e-40f9-457c-8c0e-c8f4c3260e7c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [4.1.1] REST endpoint not getting logged in user.

Nathan Keiter

Argh… yes browser issue.

 

Firefox works just fine for this.

 

Apparently Chrome won’t cooperate.

 

Thanks Maarten

 

Nathan I. Keiter | Lead Network Applications Programmer | Benefits Advisory Council Member | I.D.E.A Council Member
Gettysburg College | Information Technology | DataSystems
Campus Box 2453 | 300 North Washington Street | Gettysburg, PA 17325
Phone: 717.337.6993

https://www.gettysburg.edu

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Maarten Daalder
Sent: Wednesday, October 25, 2017 5:37 PM
To: dotCMS User Group
Subject: [dotcms] Re: [4.1.1] REST endpoint not getting logged in user.

 

Hi Nathan,

 

This is either the secure flag on the session cookie (meaning the session cookie won't ever be transmitted over HTTP) or the browser seeing the HTTP and HTTPS endpoints as two different domains/origns, and thus not sending the session cookie from the HTTPS domain/origin to the HTTP domain/origin.

 

With kind regards,

Maarten Daalder

ISAAC

On Wednesday, 25 October 2017 22:09:50 UTC+2, Nathan Keiter wrote:

I am logged in to our site (via HTTPS)

 

In the same browser, different tab, I am hitting my REST endpoint (via HTTP)

 

User is coming through as anonymous instead of me? ( initDataObject.getUser() )

 

The only thing I can think of is that one is HTTPS and one is HTTP, but the REST endpoint won’t work over HTTPS (different thread)

 

Why is my logged in user not getting picked up by the REST endpoint?

 

Nathan I. Keiter | Lead Network Applications Programmer | Benefits Advisory Council Member | I.D.E.A Council Member
Gettysburg College | Information Technology | DataSystems
Campus Box 2453 | 300 North Washington Street | Gettysburg, PA 17325
Phone: 717.337.6993

https://www.gettysburg.edu

 

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/f423663e-40f9-457c-8c0e-c8f4c3260e7c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/f56560c263bc4975aea3fdc2dfb471da%40exch13c.ms.gettysburg.edu.
For more options, visit https://groups.google.com/d/optout.