From 9cacdb6cde7f37776139e84ef3bd667380ef779d Mon Sep 17 00:00:00 2001 From: Dave Lawrence Date: Mon, 9 Sep 2013 13:22:31 -0400 Subject: Bug 914196 - Documentation for User.login should state cookies not used for JSONRPC and REST when making future connections r/a=glob --- Bugzilla/WebService/User.pm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index ba8640f3d..22306a11f 100644 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -466,7 +466,9 @@ user that was logged in, and a C which can be passed in the parameters as authentication in other calls. A set of http cookies is also sent with the response. These cookies *or* the token can be sent along with any future requests to the webservice, for the duration of the -session. +session. Note that cookies are not accepted for GET requests for JSONRPC +and REST for security reasons. You may, however, use the token or valid +login parameters for those requests. =item B -- cgit v1.2.3-24-g4f1b