From adc9df8b72cd8ebba27a8b076d70788ada227951 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Tue, 6 Jan 2015 09:38:22 -0600
Subject: [PATCH] =?UTF-8?q?api:=20Use=20sessions=20for=20API=20=E2=80=94?=
 =?UTF-8?q?=20required=20for=20SSO?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 api/api.inc.php | 3 ++-
 api/http.php    | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/api/api.inc.php b/api/api.inc.php
index fac03bccd..d1440c8b3 100644
--- a/api/api.inc.php
+++ b/api/api.inc.php
@@ -17,7 +17,8 @@ file_exists('../main.inc.php') or die('System Error');
 
 // Disable sessions for the API. API should be considered stateless and
 // shouldn't chew up database records to store sessions
-define('DISABLE_SESSION', true);
+if (!defined('DISABLE_SESSION'))
+    define('DISABLE_SESSION', true);
 
 require_once('../main.inc.php');
 require_once(INCLUDE_DIR.'class.http.php');
diff --git a/api/http.php b/api/http.php
index 2efd1a98c..3f8f721ec 100644
--- a/api/http.php
+++ b/api/http.php
@@ -13,6 +13,10 @@
 
     vim: expandtab sw=4 ts=4 sts=4:
 **********************************************************************/
+// Use sessions — it's important for SSO authentication, which uses
+// /api/auth/ext
+define('DISABLE_SESSION', false);
+
 require 'api.inc.php';
 
 # Include the main api urls
-- 
GitLab