Bug 914196 - Documentation for User.login should state cookies not used for JSONRPC and REST when making future connections

r/a=glob
author: Dave Lawrence <dlawrence@mozilla.com> 2013-09-09 19:22:31 +0200
committer: Dave Lawrence <dlawrence@mozilla.com> 2013-09-09 19:22:31 +0200
commit: 9cacdb6cde7f37776139e84ef3bd667380ef779d (patch)
tree: c21f2c6476808792f3f114d8da63d3d1173c4ce7
parent: a84cc30018c4fbc7afec6797940bbaa4dec6e7d7 (diff)
download: bugzilla-9cacdb6cde7f37776139e84ef3bd667380ef779d.tar.gz
bugzilla-9cacdb6cde7f37776139e84ef3bd667380ef779d.tar.xz
1 files changed, 3 insertions, 1 deletions
diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm
index ba8640f3d..22306a11f 100644
--- a/Bugzilla/WebService/User.pm
+++ b/Bugzilla/WebService/User.pm
@@ -466,7 +466,9 @@ user that was logged in, and a C<token> which can be passed in
 the parameters as authentication in other calls. A set of http cookies
 is also sent with the response. These cookies *or* the token can be sent
 along with any future requests to the webservice, for the duration of the
-session.
+session. Note that cookies are not accepted for GET requests for JSONRPC
+and REST for security reasons. You may, however, use the token or valid
+login parameters for those requests.
 
 =item B<Errors>
author	Dave Lawrence <dlawrence@mozilla.com>	2013-09-09 19:22:31 +0200
committer	Dave Lawrence <dlawrence@mozilla.com>	2013-09-09 19:22:31 +0200
commit	9cacdb6cde7f37776139e84ef3bd667380ef779d (patch)
tree	c21f2c6476808792f3f114d8da63d3d1173c4ce7
parent	a84cc30018c4fbc7afec6797940bbaa4dec6e7d7 (diff)
download	bugzilla-9cacdb6cde7f37776139e84ef3bd667380ef779d.tar.gz bugzilla-9cacdb6cde7f37776139e84ef3bd667380ef779d.tar.xz