Bug 914196 - Documentation for User.login should state cookies not used for JSONRPC and REST when making future connections

author: Dave Lawrence <dlawrence@mozilla.com> 2013-09-09 19:24:10 +0200
committer: Dave Lawrence <dlawrence@mozilla.com> 2013-09-09 19:24:10 +0200
commit: 1b2da400dcad870226da1712f00474a8ca65e16a (patch)
tree: 8108ddc3652fb1f7c4f00c828170dfaa3b1814a7
parent: c9cdd836907191109c99e2680efe6aa14e0e8df0 (diff)
download: bugzilla-1b2da400dcad870226da1712f00474a8ca65e16a.tar.gz
bugzilla-1b2da400dcad870226da1712f00474a8ca65e16a.tar.xz
1 files changed, 3 insertions, 1 deletions
diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm
index 78d34a209..32e11a2a4 100644
--- a/Bugzilla/WebService/User.pm
+++ b/Bugzilla/WebService/User.pm
@@ -376,7 +376,9 @@ user that was logged in, and a C<token> which can be passed in
 the parameters as authentication in other calls. A set of http cookies
 is also sent with the response. These cookies *or* the token can be sent
 along with any future requests to the webservice, for the duration of the
-session.
+session. Note that cookies are not accepted for GET requests for JSONRPC
+and REST for security reasons. You may, however, use the token or valid
+login parameters for those requests.
 
 =item B<Errors>
author	Dave Lawrence <dlawrence@mozilla.com>	2013-09-09 19:24:10 +0200
committer	Dave Lawrence <dlawrence@mozilla.com>	2013-09-09 19:24:10 +0200
commit	1b2da400dcad870226da1712f00474a8ca65e16a (patch)
tree	8108ddc3652fb1f7c4f00c828170dfaa3b1814a7
parent	c9cdd836907191109c99e2680efe6aa14e0e8df0 (diff)
download	bugzilla-1b2da400dcad870226da1712f00474a8ca65e16a.tar.gz bugzilla-1b2da400dcad870226da1712f00474a8ca65e16a.tar.xz