Firefox > Session ID: > BAh7BiIKKmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo > SGFzaHsABjoKQHVzZWR7AA==--5a5630c016ccd9482ce679e272d3d53adea86595
Perl > Session ID: 6ef6e5b8289004d925517d48294f1cc1 Give the vast difference between these two Session IDs it makes me wonder if that is related to you problem? Does this relate in any way to "cross-site forgery protection?" Julien Genestoux wrote: > Hello, > > I am working on the API of our webservice. API users need to > authenticate some of their calls... > When I am performig the call through Firefox, everything is fine as > shown in the log : > > Processing OwnershipsController#new (for 67.207.118.174 at 2008-09-26 > 16:20:03) [GET] > Session ID: > BAh7BiIKKmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo > SGFzaHsABjoKQHVzZWR7AA==--5a5630c016ccd9482ce679e272d3d53adea86595 > Parameters: {"format"=>"xml", "action"=>"new", > "controller"=>"sources/ownerships", "password"=>"MYPASS", > "login"=>"MYUSER", "source_id"=>"1247"} > Completed in 0.01454 (68 reqs/sec) | Rendering: 0.00705 (48%) | DB: > 0.00378 (25%) | 200 OK > [http://site.com/sources/1247/ownerships/new.xml?login= > MYUSER&password=MYPASS] > > However, if I perform the exact same call from an external client > wirtten in Perl, here is what I get n my log : > > Processing OwnershipsController#new (for 67.202.41.41 at 2008-09-26 > 16:19:39) [GET] > Session ID: 6ef6e5b8289004d925517d48294f1cc1 > Parameters: {"format"=>"xml", "action"=>"new", > "controller"=>"sources/ownerships", "password"=>"MYPASS", > "login"=>"MYUSER", "source_id"=>"1247"} > Filter chain halted as [:login_required] rendered_or_redirected. > Completed in 0.00284 (351 reqs/sec) | Rendering: 0.00066 (23%) | DB: > 0.00000 (0%) | 401 Unauthorized > [http://site.com/sources/1247/ownerships/new.xml?login=MYUSER&password=MYPASS] > > As you can see the parameters are precisely the same and, in one case, > the call is successful while in another case it's not! > > Do you guys have any idea on how to solve this? > > Thanks a lot! -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---