Problem with authentication... Acts As Authenticated

Hello,

I am working on the API of our webservice. API users need to
authenticate some of their calls…
When I am performig the call through Firefox, everything is fine as
shown in the log :

Processing OwnershipsController#new (for 67.207.118.174 at 2008-09-26
16:20:03) [GET]
Session ID:
BAh7BiIKKmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo
SGFzaHsABjoKQHVzZWR7AA==–5a5630c016ccd9482ce679e272d3d53adea86595
Parameters: {“format”=>“xml”, “action”=>“new”,
“controller”=>“sources/ownerships”, “password”=>“MYPASS”,
“login”=>“MYUSER”, “source_id”=>“1247”}
Completed in 0.01454 (68 reqs/sec) | Rendering: 0.00705 (48%) | DB:
0.00378 (25%) | 200 OK
[http://site.com/sources/1247/ownerships/new.xml?login=
MYUSER&password=MYPASS]

However, if I perform the exact same call from an external client
wirtten in Perl, here is what I get n my log :

Processing OwnershipsController#new (for 67.202.41.41 at 2008-09-26
16:19:39) [GET]
Session ID: 6ef6e5b8289004d925517d48294f1cc1
Parameters: {“format”=>“xml”, “action”=>“new”,
“controller”=>“sources/ownerships”, “password”=>“MYPASS”,
“login”=>“MYUSER”, “source_id”=>“1247”}
Filter chain halted as [:login_required] rendered_or_redirected.
Completed in 0.00284 (351 reqs/sec) | Rendering: 0.00066 (23%) | DB:
0.00000 (0%) | 401 Unauthorized
[http://site.com/sources/1247/ownerships/new.xml?login=MYUSER&password=MYPASS]

As you can see the parameters are precisely the same and, in one case,
the call is successful while in another case it’s not!

Do you guys have any idea on how to solve this?

Thanks a lot!

Firefox

Session ID:
BAh7BiIKKmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo
SGFzaHsABjoKQHVzZWR7AA==–5a5630c016ccd9482ce679e272d3d53adea86595

Perl

Session ID: 6ef6e5b8289004d925517d48294f1cc1

Give the vast difference between these two Session IDs it makes me
wonder if that is related to you problem? Does this relate in any way to
“cross-site forgery protection?”

Julien Genestoux wrote:

Hello,

I am working on the API of our webservice. API users need to
authenticate some of their calls…
When I am performig the call through Firefox, everything is fine as
shown in the log :

Processing OwnershipsController#new (for 67.207.118.174 at 2008-09-26
16:20:03) [GET]
Session ID:
BAh7BiIKKmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo
SGFzaHsABjoKQHVzZWR7AA==–5a5630c016ccd9482ce679e272d3d53adea86595
Parameters: {“format”=>“xml”, “action”=>“new”,
“controller”=>“sources/ownerships”, “password”=>“MYPASS”,
“login”=>“MYUSER”, “source_id”=>“1247”}
Completed in 0.01454 (68 reqs/sec) | Rendering: 0.00705 (48%) | DB:
0.00378 (25%) | 200 OK
[http://site.com/sources/1247/ownerships/new.xml?login=
MYUSER&password=MYPASS]

However, if I perform the exact same call from an external client
wirtten in Perl, here is what I get n my log :

Processing OwnershipsController#new (for 67.202.41.41 at 2008-09-26
16:19:39) [GET]
Session ID: 6ef6e5b8289004d925517d48294f1cc1
Parameters: {“format”=>“xml”, “action”=>“new”,
“controller”=>“sources/ownerships”, “password”=>“MYPASS”,
“login”=>“MYUSER”, “source_id”=>“1247”}
Filter chain halted as [:login_required] rendered_or_redirected.
Completed in 0.00284 (351 reqs/sec) | Rendering: 0.00066 (23%) | DB:
0.00000 (0%) | 401 Unauthorized
[http://site.com/sources/1247/ownerships/new.xml?login=MYUSER&password=MYPASS]

As you can see the parameters are precisely the same and, in one case,
the call is successful while in another case it’s not!

Do you guys have any idea on how to solve this?

Thanks a lot!