[Rails] Re: Problem with authentication... Acts As Authenticated

Fri, 26 Sep 2008 16:46:32 -0700 

Firefox
>   Session ID:
> BAh7BiIKKmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo
> SGFzaHsABjoKQHVzZWR7AA==--5a5630c016ccd9482ce679e272d3d53adea86595

Perl
>   Session ID: 6ef6e5b8289004d925517d48294f1cc1

Give the vast difference between these two Session IDs it makes me 
wonder if that is related to you problem? Does this relate in any way to 
"cross-site forgery protection?"

Julien Genestoux wrote:
> Hello,
> 
> I am working on the API of our webservice. API users need to
> authenticate some of their calls...
> When I am performig the call through Firefox, everything is fine as
> shown in the log :
> 
> Processing OwnershipsController#new (for 67.207.118.174 at 2008-09-26
> 16:20:03) [GET]
>   Session ID:
> BAh7BiIKKmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo
> SGFzaHsABjoKQHVzZWR7AA==--5a5630c016ccd9482ce679e272d3d53adea86595
>   Parameters: {"format"=>"xml", "action"=>"new",
> "controller"=>"sources/ownerships", "password"=>"MYPASS",
> "login"=>"MYUSER", "source_id"=>"1247"}
> Completed in 0.01454 (68 reqs/sec) | Rendering: 0.00705 (48%) | DB:
> 0.00378 (25%) | 200 OK
> [http://site.com/sources/1247/ownerships/new.xml?login=
> MYUSER&password=MYPASS]
> 
> However, if I perform the exact same call from an external client
> wirtten in Perl, here is what I get n my log :
> 
> Processing OwnershipsController#new (for 67.202.41.41 at 2008-09-26
> 16:19:39) [GET]
>   Session ID: 6ef6e5b8289004d925517d48294f1cc1
>   Parameters: {"format"=>"xml", "action"=>"new",
> "controller"=>"sources/ownerships", "password"=>"MYPASS",
> "login"=>"MYUSER", "source_id"=>"1247"}
> Filter chain halted as [:login_required] rendered_or_redirected.
> Completed in 0.00284 (351 reqs/sec) | Rendering: 0.00066 (23%) | DB:
> 0.00000 (0%) | 401 Unauthorized
> [http://site.com/sources/1247/ownerships/new.xml?login=MYUSER&password=MYPASS]
> 
> As you can see the parameters are precisely the same and, in one case,
> the call is successful while in another case it's not!
> 
> Do you guys have any idea on how to solve this?
> 
> Thanks a lot!
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to