3294: provide DELETE for http://reviews.example.com/api/session/

dam***@pernixd******* (Google Code) (Is this you? Claim this profile.)
July 1, 2014 
What version are you running?
1.7.14

What's the URL of the page containing the problem?
DELETE http://reviews.example.com/api/session/

What steps will reproduce the problem?
1. use DELETE method for http://reviews.example.com/api/session/
2.
3.

What is the expected output? What do you see instead?
I get: 405 Method Not Allowed
this is the documented behavior - http://www.reviewboard.org/docs/manual/dev/webapi/2.0/authenticating/#logging-out
But since the defaults are persistent cookies backed by a database,
I would like to have a way to delete sessions; proper logout workflow for my use case.


What operating system are you using? What browser?
CentOS 6.5 / Chrome

Please provide any additional information below.
here is my workflow:
- login and get a cookie from a service accounts (e.g. jenkins)
- provide cookie to test job so they can get more information, e.g.
  - repository
  - diff
- destroy cookie so nobody else can make requests?

the problem is that if somebody gets a hold of the rbsessionid, they
can use it regardless of me doing best efforts to destroy the cookie.
chipx86
#1 chipx86 
Seems like a reasonable addition.
  • +Confirmed
  • -Type-Defect
    +Type-Enhancement
    +Milestone-Release2.0.x
    +EasyFix
    +Component-API
#2 pete.******@gmai***** (Google Code) (Is this you? Claim this profile.) 
I'll try this.
david
#3 david
  • -Confirmed
    +PendingReview
david
#4 david 
Fixed in release-2.0.x (44d5a7d). Thanks!
  • -PendingReview
    +Fixed