Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.If the Services module is configured to require a session, every RPC call will require a "sessid" parameter with a session ID.
Because JSON is generally used from Javascript in the browser, the user often has a valid session already, and Drupal will automatically set it up. It would be very convenient if the JSON server would just use that session if it was available, instead of requiring that it be sent again as a parameter. It would also allow HTTPOnly cookies, which might help security in some situations.
The attached patch will take the session ID of the currently logged in user if it is required by Services and is not passed in the POST request.
| Comment | File | Size | Author |
|---|---|---|---|
| json_server_session.patch | 609 bytes | scottgifford |
Comments
Comment #1
skyredwang