What version are you running?
1.7.14
What's the URL of the page containing the problem?
DELETE http://reviews.example.com/api/session/
What steps will reproduce the problem?
1. use DELETE method for http://reviews.example.com/api/session/
2.
3.
What is the expected output? What do you see instead?
I get: 405 Method Not Allowed
this is the documented behavior - http://www.reviewboard.org/docs/manual/dev/webapi/2.0/authenticating/#logging-out
But since the defaults are persistent cookies backed by a database,
I would like to have a way to delete sessions; proper logout workflow for my use case.
What operating system are you using? What browser?
CentOS 6.5 / Chrome
Please provide any additional information below.
here is my workflow:
- login and get a cookie from a service accounts (e.g. jenkins)
- provide cookie to test job so they can get more information, e.g.
- repository
- diff
- destroy cookie so nobody else can make requests?
the problem is that if somebody gets a hold of the rbsessionid, they
can use it regardless of me doing best efforts to destroy the cookie.