REST API Authentication Timeouts?
Hi all,
We just upgraded our YouTrack instance from 4.0.2 up to 4.2.1 and I'm noticing some issues with a tool I've written to interop with the REST API.
Previously I was caching my Auth cookie/credentials in a naive way ( just caching for 2 hours actually ) without checking the Expiration time on the cookie header, however this didn't actually pose any problems and my app worked fine.
Under 2.4.1 however, I see that the cookie expires pretty much instantly:
curl -v -d login=markd http://youtrack/rest/user/login
Wed 10 Apr 2013 10:22:41 NZST
< Set-Cookie: JSESSIONID=...;Path=/
< Set-Cookie: jetbrains.charisma.main.security.PRINCIPAL=....;Path=/;Expires=Wed, 09-Apr-2014 22:22:41 GMT
Essentially this means I need to auth on every request? Doesn't this make using a cookie for auth kinda pointless?
Or has the API changed?
We just upgraded our YouTrack instance from 4.0.2 up to 4.2.1 and I'm noticing some issues with a tool I've written to interop with the REST API.
Previously I was caching my Auth cookie/credentials in a naive way ( just caching for 2 hours actually ) without checking the Expiration time on the cookie header, however this didn't actually pose any problems and my app worked fine.
Under 2.4.1 however, I see that the cookie expires pretty much instantly:
curl -v -d login=markd http://youtrack/rest/user/login
Wed 10 Apr 2013 10:22:41 NZST
< Set-Cookie: JSESSIONID=...;Path=/
< Set-Cookie: jetbrains.charisma.main.security.PRINCIPAL=....;Path=/;Expires=Wed, 09-Apr-2014 22:22:41 GMT
Essentially this means I need to auth on every request? Doesn't this make using a cookie for auth kinda pointless?
Or has the API changed?
Please sign in to leave a comment.
Sorry for the delay.
As far as I can see, cookie was setted correctly and expires in April, 2014. You have to auth only once for the session.
Thank you.
However, the YouTrack server still seems to be failing authentication when passing the cookies.
I'll see if I can track down anything further.
Could you please provide us with details then, how did you install YouTrack (.WAR, .JAR, Win service)? How did you upgrade YouTrack - remove an old version or leave both? The issue may be caused by the old version, if the port is the same.
I was blindly storing ALL cookies returned from my POST to /rest/user/login and reusing it, it would seem that under 4.2.1 the JSESSIONID is expiring, whereas previously I assume it wasn't.
Changing my code to only store/submit the jetbrains.charisma.main.security.PRINCIPAL cookie seems to have solved the problem.