API authentication via session cookie
|Category:||Accounts / authentication|
Symptoms and how to reproduce:¶
https://example.com/issues/605 is not publically available. Logging in and showing the page works as intended. Then, using the same browser with the same session cookie and no logging out, visit: https://example.com/issues/605.json
Browser shows a pop-up for logging in the user via basic authentication.
Allow the authentication method to be the API key, basic auth or the session cookie.
I would like to call this a defect, but it works in line with the current documentation, so it'll be a feature request.