Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

for API need to return status code 401 when cookie session is expired #291

Closed
trueboroda opened this issue Aug 27, 2019 · 3 comments
Closed

for API need to return status code 401 when cookie session is expired #291

trueboroda opened this issue Aug 27, 2019 · 3 comments
Assignees
@tatarincev
Labels
bug

Comments

@trueboroda
Copy link
Contributor

  • Platform version: 2.13.46
  • Storefront version: 4.0.0.0

Expected behavior

When auth cookie session time expired API methods must return HTTP Status code 401.

Actual behavior

Now, in this case, returned 200 Ok. Response body contains HTML text of page '/Account/Login'. That is, the backend returns us a MVC view of login page instead of 401 Code.

Steps to reproduce

  1. Reduce CookieAuthenticationOptions.ExpireTimeSpan param of appsetings.json to convenient for test purpose. For example to 2 min.
  2. Start storefront with any theme.
  3. Go to the page where angular app of theme call some API method.
  4. Open browsers console on tab network. After the tuned cookie time is expired do page refresh with F5 and see any api calling result response. The response will contain all as described above.
@trueboroda trueboroda added the bug label Aug 27, 2019
@tatarincev tatarincev added this to the Operations milestone Aug 27, 2019
@trueboroda
Copy link
Contributor Author

Also, need to return 403 when forbidden.

@tatarincev
Copy link
Contributor

Fixed by this commit 3c93253

@tatarincev
Copy link
Contributor

Released https://github.com/VirtoCommerce/vc-storefront-core/releases/tag/v4.1.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tatarincev tatarincev

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tatarincev @trueboroda