On 11/17/2014 09:39 AM, Jani Nikula wrote:
On Mon, 17 Nov 2014, Jani Nikula <jani.nikula(a)intel.com>
wrote:
> I used to have a working setup where I'd do 'bugzilla login' first and
> then various bug modifications using the cookiefile from the
> login. Problem is, I can't replicate this on a new install and I no
> longer have access to the old one...
>
> According to --debug --verbose output
>
> Logging in... [14:37:48] INFO (base:485) login successful - dropping password from
memory
> Authorization cookie received.
>
> I can successfully login to two different bugzilla instances
> (
https://bugzilla.kernel.org/xmlrpc.cgi and
>
https://bugs.freedesktop.org/xmlrpc.cgi) but the resulting cookiefile
> will only include the comment:
>
> # Netscape HTTP Cookie File
> #
http://curl.haxx.se/rfc/cookie_spec.html
> # This is a generated file! Do not edit.
>
> The actual coookies don't get saved in the file. Any ideas?
Still no go with the cookiefile, but tokenfile seems to work.
Upstream bugzilla had a CVE related to using cookies with the API, so cookie
auth was disabled and replaced with a token instead. It appears that both
bugzilla instances you mention are running a sufficiently new instance that
drop use of cookies, so what you see is expected.
- Cole