Michael Pasternak has submitted this change and it was merged. Change subject: restapi: Omit of prefer header doesn't turn off session based authentication #916582 ...................................................................... restapi: Omit of prefer header doesn't turn off session based authentication #916582 This patch makes sure we take the http session in case it exists, even if the prefer auth header isn't set. That way, the last request without the prefer header will succeed, and then we would log out. Also, the first request with the prefer header will create a new session, as expected. Requests without the prefer header will not create a session, and no cookie will be returned. Change-Id: Ie61285212c4050bc6dc2c744b3d281648ea542ca Bug-Url: https://bugzilla.redhat.com/916582 Signed-off-by: Oved Ourfali <oourfali@redhat.com> --- M backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java 1 file changed, 4 insertions(+), 4 deletions(-) Approvals: Michael Pasternak: Verified; Looks good to me, approved -- To view, visit http://gerrit.ovirt.org/12588 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ie61285212c4050bc6dc2c744b3d281648ea542ca Gerrit-PatchSet: 2 Gerrit-Project: ovirt-engine Gerrit-Branch: engine_3.2 Gerrit-Owner: Michael Pasternak <mpastern@redhat.com> Gerrit-Reviewer: Michael Pasternak <mpastern@redhat.com> Gerrit-Reviewer: Oved Ourfali <oourfali@redhat.com>