Add caveat for webapi admin session authentication bug

[sta1r]

Purpose of this pull request

This PR adds an important caveat to the docs relating to session-based authentication for webapi endpoints, for logged-in admins.

Please refer to these two outstanding issues:

• Session-based authentication for REST API in admin magento2#14297
• webapi admin authentication magento2#9138 [this is the older issue so I have referenced this in my comment]

As you can see from the discussion here, this is a long-standing problem dating back to 2.1.x. Clearly, the docs outline how it should work, but seeing as it definitely does not, it's helpful to provide a note here to alert developers. Arguably there should be a more extensive rewrite with admin access moved to a 'pending functionality' section but that's beyond the remit of this contribution!

With any luck the fix is picked up soon and access works as expected.

Affected DevDocs pages

• https://devdocs.magento.com/guides/v2.4/get-started/authentication/gs-authentication-session.html

[devops-devdocs]

An admin must run tests on this PR before it can be merged.

[dobooth]

running tests

[ghost]

Hi @sta1r, thank you for your contribution!
Please, complete Contribution Survey, it will take less than a minute.
Your feedback will help us to improve contribution process.