[Building Sakai] Why is session id null when getting session from /session/current?
Schauer, Christopher R
cschauer at txstate.edu
Tue Mar 25 15:33:13 PDT 2014
Hi sakai-dev,
When getting the current session from /session/current, the id is being set to null by this line in SessionEntityProvider:
es.setId(null); // SAK-19669 - do not allow session id to be visible for current session
What is the reason for hiding this? Isn't this the same id that is stored in the JSESSIONID cookie?
For a little context, we're working on setting up some autotests to test out releases of our local sakai instance. We want to log in as an admin user at the start of a test suite and then use the session id to change to a different user by posting to /session. Unfortunately, we discovered that there's no way to access httpOnly cookies through chromedriver (it looks like chromedriver is using javascript to get cookies for the current page), so we can't get the session id from the cookie. We can use the become user tool as a workaround, but would prefer not to as that would be dependent on the sakai environment being tested. Is there any harm in removing this line from our local instance?
Thanks,
Chris
More information about the sakai-dev
mailing list