...
- Session-based authentication is meant to be used for AJAX operations. It will let you re-use the visitor's session to execute operations with their permissions.
- Basic authentication is often used when writing cross-server procedures, when one remote application executes operations on one/several eZ Platform instances (remote publishing, maintenance, etc.).
As of eZ Platform, the default authentication method is session-based, as this is needed for Platform UI.
Session based authentication
...
If this authentication method is used with a web browser, this session cookie is automatically available as soon as your visitor logs in. Add it as a cookie to your REST requests, and the user will be authenticated.
Setting it up
Not needed as of the 2015.01 release, as the default is now Session.
To enable session-based authentication, you need to edit app/config/security.yml, and comment out / remove the configuration block about Basic Auth (shown in the following section).
As of 5.3 / 2014.04, you also need to add the following configuration in your app/config/security.yml:
Logging in
It is also possible to create a session for the visitor if they aren't logged in yet. This is done by sending a POST request to /user/sessions. Logging out is done using a DELETE request on the same resource.
...
Basic authentication requires the username and password to be sent (username:password), base64-encoded, with each request, as explained in RFC 2617.
...