× Here you can get community support related to ReDJ.

session_id restart after one time use in endpoint

  • sepehr09
  • Topic Author
  • Offline
  • New Member
  • New Member
More
8 years 1 week ago - 8 years 1 week ago #5747 by sepehr09
hi
i'm using jbackend for android & i'm not using cookie in my application,so i'm using session_id .
when i'm login & catch session_id from response, i can use that as end-poin for each my requset url.

i need to check user guest or not, ,when i call something with session_id end-point , everyting is ok. but as second time session_id isn't work anymore

example :

step 1 :
http://localhost/mysite/index.php/api/post/user/login?username=user1&password=user1
response : "session_id": "a7hgt3ir086iq55f8o16pjb2a5"

step 2 :
http://localhost/mysite/index.php/api/get/user/profile?session_id=a7hgt3ir086iq55f8o16pjb2a5

response : ok


after that the session_id (a7hgt3ir086iq55f8o16pjb2a5) not working anymore!

if i'm use that session_id again :
http://localhost/mysite/index.php/api/get/user/profile?session_id=a7hgt3ir086iq55f8o16pjb2a5

response : "status": "ko"

i hope explain my problem
thank you
Last edit: 8 years 1 week ago by sepehr09.

Please Log in or Create an account to join the conversation.

More
8 years 1 week ago #5748 by admin
Hi
your usage is right but as indicated here:

www.selfget.com/products/jbackend/jbackend-community.html

The session_id is not supported by Community version.

Kind regards
The following user(s) said Thank You: sepehr09

Please Log in or Create an account to join the conversation.

More
7 years 2 months ago #6302 by vacidesign
Replied by vacidesign on topic session_id restart after one time use in endpoint
Hi,

I've renewed my subscription and downloaded JBackend3.5.0_J3.zip and installed it and found that this issue does exist.

How to re-create;
1) Download the latest version of cocoa-rest-client here github.com/mmattozzi/cocoa-rest-client/releases/tag/1.4.2

Do not try repeat this with Postman or Insomnia as they store cookies and thus bypass this issue.

2) In a test joomla site;
a) create an article with access set to registered users so it requires some level of login to see
b) create a test super user so we can be sure we have access

3) Now try logging in e.g.
http://localhost:8888/joomla/rest/post/user/login with your credentials as normal

You should get your session_id from here.

4) Now lets get that restricted article from step 2 e.g.
http://localhost:8888/joomla/rest/get/content/articles/1?session_id=a8cd3c9e90820fd8a7e05b5672d24975

1st try
{
"status": "ok",
"id": "1",
"title": "Test",
"alias": "test",
... etc
}

2nd try
{
"status": "ko",
"error_code": "CNT_ANA",
"error_description": "Access not authorized"
}

This issue crops up in apps like cordova and phonegap as they cannot pass cookies hence the existence of the session_id option, however the session_id changes after the first proper use and then fails.

I hope this helps, I really need this fixed too.

Please Log in or Create an account to join the conversation.

More
7 years 2 months ago #6303 by vacidesign
Replied by vacidesign on topic session_id restart after one time use in endpoint
So I tested from Joomla 3.4.8 to 3.7.5 with JBackend Full Edition 3.1.0 to 3.5.0 and found more details about the issue.

Before Joomla 3.5.0 it works, then from Joomla 3.5.0 onwards the issue arrises.

Looking at the Joomla 3.5.0 changes on github shows the JSession was refactored see github.com/joomla/joomla-cms/pull/5088

This may be why in Joomla 3.5.0 with JBackend 3.1.0 to 3.5.0 the result is "Failed to start session, already started by PHP"
Then in Joomla 3.5.1 onwards with JBackend 3.1.0 to 3.5.0 the result is works once then doesn't work after that.

I'm going to look further into this and report back on what I find.

Please Log in or Create an account to join the conversation.

More
7 years 2 months ago #6306 by admin
Have you enabled it? To do this, open the jbackend user plugin and set the last option "Enable session id" to Yes.

Let me know...

Please Log in or Create an account to join the conversation.

More
7 years 2 months ago #6307 by vacidesign
Replied by vacidesign on topic session_id restart after one time use in endpoint
Yes I have.

jBackend - User Module plugin - Enable session id is set to yes.

Please Log in or Create an account to join the conversation.

Time to create page: 0.171 seconds