Hello community!
I have a question related to the GoodData login/logout APIs that we are using, about a strange behaviour which is not blocking but which we are curious to understand, as it could hide a security defect.
So, we implemented and tested the login + logout queries, as explained in the GoodData documentation here.
The login query is working fine; however, the logout query always fails, saying that the user is not logged in. Does somebody know why we have this behaviour?
There are only a few differences between the logout and the login queries: in the logout, we have to specify the ID of the user to log out at the end of the URL (coming from the response of the login query), provide a valid TT (Temporary Token), and use a REST DELETE instead of a POST. So I'm not sure what happens here… Could it be that the login query is not really logging the user in, but only generating an SST (Super Secure Token) for it?
If somebody knows about it, thanks a lot!
Best answer by Julius Kos