Sending session_id in Cookies doesn't work
tillyr-cube48 opened this issue · 3 comments
Hi,
Thanks for your module; this makes our work much simpler. I am working in Odoo 13.
As mentioned, for security purposes I sent the session_id in cookies, but instead of returning the results I get the Odoo login page as the response (302 error - redirection) for GET and DELETE methods, and an Odoo session expired response for POST.
Could you please guide me on this issue?
How are you sending your cookie?
I am also facing the same issue. I am using Postman to test the API; the /auth route is working fine, but with other routes I am facing the same redirection issue and getting the Odoo login page as the response.
Please find below the Postman request and Odoo logs.
Odoo-Logs
2020-12-03 10:07:50,550 1 DEBUG pls odoo.modules.registry: Multiprocess signaling check: [Registry - 2 -> 2] [Cache - 18 -> 18]
2020-12-03 10:07:50,566 1 INFO pls werkzeug: 172.27.0.1 - - [03/Dec/2020 10:07:50] "GET /api/res.users HTTP/1.1" 302 - 1 0.001 0.018
2020-12-03 10:07:50,582 1 DEBUG pls odoo.modules.registry: Multiprocess signaling check: [Registry - 2 -> 2] [Cache - 18 -> 18]
2020-12-03 10:07:50,601 1 INFO pls werkzeug: 172.27.0.1 - - [03/Dec/2020 10:07:50] "GET /web/login?redirect=http%3A%2F%2Flocalhost%3A8069%2Fapi%2Fres.users HTTP/1.1" 200 - 4 0.003 0.018
Just to add more: I am using Postman Interceptor for sending cookies and working with Odoo 14.
Because a web/session/authenticate/ call is nested inside /auth, this is wrong for Odoo: there are 2 different sessions, each one is auth=none, and /auth returns the wrong one, which has not been authenticated.
BTW, auth=none should set uid = none in the session, which means the user in the session has not logged in.
There are 2 solutions:
1. Don't use /auth, use /web/session/authenticate instead.
2. Rewrite /auth to call the Odoo internal call http.request.session.authenticate directly.
Good luck.
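
An added example, not part of the thread or of the module under discussion: a minimal standard-library client for the first solution above, which logs in through /web/session/authenticate, sends the returned session_id cookie, and turns the login-page redirect seen in the logs into an explicit error. The base URL, database name and credentials are caller-supplied, and treating a missing uid in the JSON-RPC result as a failed login is an assumption about the response shape.

```python
# Added example; base_url, db and credentials are supplied by the caller.
import json
import urllib.error
import urllib.request
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface the 302 instead of silently following it to /web/login."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def auth_request(base_url, db, login, password):
    """Build the JSON-RPC POST for Odoo's own /web/session/authenticate route."""
    body = {"jsonrpc": "2.0", "params": {"db": db, "login": login, "password": password}}
    return urllib.request.Request(
        base_url.rstrip("/") + "/web/session/authenticate",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="POST")

def session_id_from(set_cookie_values):
    """Extract session_id from the Set-Cookie header values of a response."""
    for value in set_cookie_values:
        morsel = SimpleCookie(value).get("session_id")
        if morsel is not None:
            return morsel.value
    return None

def bounced_to_login(status, location):
    """True for the redirect to the login page that the logs above show."""
    return status in (302, 303) and urlsplit(location or "").path == "/web/login"

def login(base_url, db, user, password):
    """Authenticate and return the session_id of the session that was logged in."""
    with urllib.request.urlopen(auth_request(base_url, db, user, password)) as resp:
        if not json.load(resp).get("result", {}).get("uid"):
            raise PermissionError("authentication failed")
        return session_id_from(resp.headers.get_all("Set-Cookie") or [])

def get_with_session(base_url, path, session_id):
    """GET a route with the cookie; fail loudly if the session is not logged in."""
    req = urllib.request.Request(base_url.rstrip("/") + path,
                                 headers={"Cookie": "session_id=" + session_id})
    try:
        with urllib.request.build_opener(NoRedirect).open(req) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        if bounced_to_login(err.code, err.headers.get("Location")):
            raise PermissionError("session_id is not authenticated") from err
        raise
```

Disabling redirect following is what makes the failure visible: a client that follows the 302 receives the login page with status 200 and can mistake it for an API response.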