Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug - Password needed to remove own session via GenericInterface #638

Open
gpregger-ethz opened this issue Feb 11, 2025 · 0 comments
Open

Bug - Password needed to remove own session via GenericInterface #638

gpregger-ethz opened this issue Feb 11, 2025 · 0 comments

Comments

@gpregger-ethz
Copy link

gpregger-ethz commented Feb 11, 2025
edited
Loading

Environment

  • Server OS: Linux
  • Browser: Python Requests
  • Znuny version: 6.5.11

Expected behavior

I have a webservice that allows me to open a session by authenticating with my agent username and password.
When I'm done with the service I would like to remove my session using the SessionRemove Operation.
I expect to be able to do that using only my Session ID and username.

Actual behavior

I get an authentication failure unless I also specify my agent password in the SessionRemove request.
90% of the reason I'm using a session is because I don't want to hold on to the user's password in my script and I don't see a reason why the password is required - at least to remove my own session, the Session ID should suffice as authentication, that's kind of its purpose, right?

How to reproduce

Steps to reproduce the behavior:

  1. Create a WebService with at least the SessionCreate and SessionRemove operations
  2. Create a session. I'm using python requests
  3. Remove the session without specifying your password.

Additional information

Screenshots
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gpregger-ethz