Sending session_id in Cookies doesn't work

[tillyr-cube48]

Hi,

Thanks for your module this makes our work very simpler. I am working in Odoo 13

As mentioned, due to security purpose I sent the session_id in cookies but instead of returning the results I get Odoo Login page as the response (302 error - Redirection) for GET and DELETE Methods and Odoo session expired response for POST

could you please guide me on this issue?

[yezyilomo]

How are you sending your cookie?.

[meswapnilwagh]

I am also facing same issue, I am using postman to test the api, /auth route is working fine but with other route's I am facing same redirection issue and getting odoo login page as response.

Please find below postman request and Odoo logs

PostmanRequest

Odoo-Logs

2020-12-03 10:07:50,550 1 DEBUG pls odoo.modules.registry: Multiprocess signaling check: [Registry - 2 -> 2] [Cache - 18 -> 18] 2020-12-03 10:07:50,566 1 INFO pls werkzeug: 172.27.0.1 - - [03/Dec/2020 10:07:50] "GET /api/res.users HTTP/1.1" 302 - 1 0.001 0.018 2020-12-03 10:07:50,582 1 DEBUG pls odoo.modules.registry: Multiprocess signaling check: [Registry - 2 -> 2] [Cache - 18 -> 18] 2020-12-03 10:07:50,601 1 INFO pls werkzeug: 172.27.0.1 - - [03/Dec/2020 10:07:50] "GET /web/login?redirect=http%3A%2F%2Flocalhost%3A8069%2Fapi%2Fres.users HTTP/1.1" 200 - 4 0.003 0.018

Just to add more I am using postaman intercepter for sending cookies & working with odoo14

[jeffery9]

because nested a web/session/authenticate/ call inside /auth, this is wrong for Odoo, there is 2 different sessions, each one is auth =none, and/auth return the wrong one that has not be authenticated.

BTW. auth= none should set uid = none in session, means the user in session has not login.

there have 2 solution,
1, dont use /auth, use /web/session/authenticate instead
2, rewrite /auth , call odoo internal call http.request.session.authenticate directly

good lucks.