| Reporter |
Mark Derricutt (talios)
|
|---|---|
| Created | Apr 15, 2013 3:35:30 AM |
| Updated | Apr 15, 2013 3:35:56 AM |
| Priority | Normal |
| Type | Bug |
| State | Open |
| Assignee | Anna Zhdan (Anna.Zhdan) |
| Subsystem | REST API |
| Fix versions | No Fix versions |
| Fixed in builds | No Fixed in build |
| Affected versions | 4.2.1 |
| Browser | Any Browser |
| OS | Any OS |
| Verified in build | Not verified |
| Verified by | Nobody |
| Reviewed by | No reviewed by |
| Severity | Routine |
We just upgraded our YouTrack instance from 4.0.2 up to 4.2.1 and I'm noticing some issues with a tool I've written to interop with the REST API.
Previously I was caching my Auth cookie/credentials in a naive way ( just caching for 2 hours actually ) without checking the Expiration time on the cookie header, however this didn't actually pose any problems and my app worked fine.
Under 2.4.1 however, I see that the cookie expires pretty much instantly.
What steps will reproduce the problem?
1. POST to /rest/user/login
2. Store Cookies
3. Reuse cookies, find user authentication fails
What is the expected result?
Subsequent REST calls using the saved Cookies should be successful.
What happens instead?
It appears that under YouTrack 2.4.1, the returned cookie has an expiration which is the same time the cookie was generated, only in GMT:
ie. At "Wed 10 Apr 2013 10:22:41 NZST" - curl -v -d login=markd http://youtrack/rest/user/login
< Set-Cookie: JSESSIONID=...;Path=/
< Set-Cookie: jetbrains.charisma.main.security.PRINCIPAL=....;Path=/;Expires=Wed, 09-Apr-2014 22:22:41 GMT
Both the request, and the cookie expiration are for 10:22:41, only one is in NZST and one in GMT.
I reported this initial on the forum as http://forum.jetbrains.com/thread/YouTrack-941 but received no response.
Previously I was caching my Auth cookie/credentials in a naive way ( just caching for 2 hours actually ) without checking the Expiration time on the cookie header, however this didn't actually pose any problems and my app worked fine.
Under 2.4.1 however, I see that the cookie expires pretty much instantly.
What steps will reproduce the problem?
1. POST to /rest/user/login
2. Store Cookies
3. Reuse cookies, find user authentication fails
What is the expected result?
Subsequent REST calls using the saved Cookies should be successful.
What happens instead?
It appears that under YouTrack 2.4.1, the returned cookie has an expiration which is the same time the cookie was generated, only in GMT:
ie. At "Wed 10 Apr 2013 10:22:41 NZST" - curl -v -d login=markd http://youtrack/rest/user/login
< Set-Cookie: JSESSIONID=...;Path=/
< Set-Cookie: jetbrains.charisma.main.security.PRINCIPAL=....;Path=/;Expires=Wed, 09-Apr-2014 22:22:41 GMT
Both the request, and the cookie expiration are for 10:22:41, only one is in NZST and one in GMT.
I reported this initial on the forum as http://forum.jetbrains.com/thread/YouTrack-941 but received no response.