From adc9df8b72cd8ebba27a8b076d70788ada227951 Mon Sep 17 00:00:00 2001 From: Jared Hancock <jared@osticket.com> Date: Tue, 6 Jan 2015 09:38:22 -0600 Subject: [PATCH] =?UTF-8?q?api:=20Use=20sessions=20for=20API=20=E2=80=94?= =?UTF-8?q?=20required=20for=20SSO?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- api/api.inc.php | 3 ++- api/http.php | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/api/api.inc.php b/api/api.inc.php index fac03bccd..d1440c8b3 100644 --- a/api/api.inc.php +++ b/api/api.inc.php @@ -17,7 +17,8 @@ file_exists('../main.inc.php') or die('System Error'); // Disable sessions for the API. API should be considered stateless and // shouldn't chew up database records to store sessions -define('DISABLE_SESSION', true); +if (!defined('DISABLE_SESSION')) + define('DISABLE_SESSION', true); require_once('../main.inc.php'); require_once(INCLUDE_DIR.'class.http.php'); diff --git a/api/http.php b/api/http.php index 2efd1a98c..3f8f721ec 100644 --- a/api/http.php +++ b/api/http.php @@ -13,6 +13,10 @@ vim: expandtab sw=4 ts=4 sts=4: **********************************************************************/ +// Use sessions — it's important for SSO authentication, which uses +// /api/auth/ext +define('DISABLE_SESSION', false); + require 'api.inc.php'; # Include the main api urls -- GitLab