Third Light Developer Exchange

Code and templating community forum for developers and software integrators

You are not logged in.

Announcement

If you wish to join the Developer Exchange, please contact your account manager - this is to avoid unnecessary spam in the forums. Many thanks for your understanding.

#1 2015-03-02 23:15:37

mdyason
Member
Registered: 2015-01-20
Posts: 43

Are sessions actually controlled.

A week ago, I logged into the system using core.loginWithKey.  At that time I created a folder and then got its ID by using folders.getFolderByPath.
I then logged out - (I think)
Today I clicked on the old request I used to get the folderID that still had the session ID as obtained last week.  folders.getFolderByPath  The server returned the correct answer.
I then ran core.logout quoting the old sessionID - the reply was OK. 
I reran folders.getFoldersByPath and once again, I got the correct answer.

The old sessionID would not let me create a new folder so it would seem i can not change the system with old IDs but I can get data from it.
Can anyone explain how long sessions should last - is there a setting somewhere?  Also what is and is not affected by the sessionID?  I would have thought that once a session is killed off, you should not be able to use it for anything.

Offline

#2 2015-03-03 17:31:46

dominic
Third Light Staff
Registered: 2013-06-06
Posts: 96

Re: Are sessions actually controlled.

Specifying an invalid session ID is equivalent to not specifying one at all, so the API request will be handled in an anonymous context. If the folder in question is publicly accessible, you will therefore get a successful response to a request to get details about it, but still be prevented from modifying it in any way.

Kind regards,

Dominic

Offline

Board footer