Hi,
I've renewed my subscription and downloaded JBackend3.5.0_J3.zip and installed it and found that this issue does exist.
How to re-create;
1) Download the latest version of cocoa-rest-client here
github.com/mmattozzi/cocoa-rest-client/releases/tag/1.4.2
Do not try repeat this with Postman or Insomnia as they store cookies and thus bypass this issue.
2) In a test joomla site;
a) create an article with access set to registered users so it requires some level of login to see
b) create a test super user so we can be sure we have access
3) Now try logging in e.g.
http://localhost:8888/joomla/rest/post/user/login with your credentials as normal
You should get your session_id from here.
4) Now lets get that restricted article from step 2 e.g.
http://localhost:8888/joomla/rest/get/content/articles/1?session_id=a8cd3c9e90820fd8a7e05b5672d24975
1st try
{
"status": "ok",
"id": "1",
"title": "Test",
"alias": "test",
... etc
}
2nd try
{
"status": "ko",
"error_code": "CNT_ANA",
"error_description": "Access not authorized"
}
This issue crops up in apps like cordova and phonegap as they cannot pass cookies hence the existence of the session_id option, however the session_id changes after the first proper use and then fails.
I hope this helps, I really need this fixed too.