glpi-project / glpi

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.
https://glpi-project.org
GNU General Public License v3.0

Entity created with API not readable 10.0.7 #14971

Closed Berthe01 closed 2 months ago

Berthe01 commented 1 year ago

Version

10.0.7

Bug description

As mentioned in a previous issue: https://github.com/glpi-project/glpi/issues/6681

When creating an Entity via the REST API, it is impossible to get it in the same API session.

-> ERROR_RIGHT_MISSING.

Moreover, if a user was logged in to the web UI, he sees the Entity in the UI, but can't access its details or modify it, with the same error.

Relevant log output

No response

Page URL

{{APIUrl}}/Entity/{{EntityID}} & {{WebUiURL}}/front/entity.form.php?id={{EntityID}}

Steps To reproduce

  1. Login to the Web UI
  2. Login and Create an entity using API
  3. Go to the Web UI, display entities list, see the entity created in the list. Try to access it -> ERROR_RIGHT_MISSING
  4. Go to the Web UI, logout & login again, see the entity created, it is now accessible.
  5. Try to search it by its name using the same SessionToken previously used in step 2. via {{APIUrl}}/search/Entity?criteria[0][link]=AND&criteria[0][field]=.... -> No result
  6. Try to get it via the API using the same SessionToken previously used in step 2. via {{APIUrl}}/Entity/{{EntityID}} -> ERROR_RIGHT_MISSING
  7. Obtain a new SessionToken
  8. You can now find the Entity and access it using the API.

Your GLPI setup information

Informations sur le système, l'installation et la configuration
GLPI 10.0.7 ( => /var/www/glpi-prod/glpi)
Installation mode: TARBALL
Current language:fr_FR

Server
 
Operating system: Linux xxxxxxxxxxxxxxx 5.15.0-73-generic #80-Ubuntu SMP Mon May 15 15:18:26 UTC 2023 x86_64
PHP 8.1.2-1ubuntu2.11 apache2handler (Core, FFI, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, apache2handler, apcu, bz2,
    calendar, ctype, curl, date, dom, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, imap, intl, json, ldap, libxml,
    mbstring, mysqli, mysqlnd, openssl, pcre, pdo_mysql, pdo_sqlite, posix, readline, session, shmop, sockets, sodium, sqlite3,
    standard, sysvmsg, sysvsem, sysvshm, tokenizer, xml, xmlreader, xmlrpc, xmlwriter, xsl, zip, zlib)
Setup: max_execution_time="600" memory_limit="256M" post_max_size="8M" safe_mode="" session.save_handler="files"
    upload_max_filesize="20M" 
Software: Apache/2.4.52 (Ubuntu) (Apache/2.4.52 (Ubuntu) Server at xxxxxxxxxxxxxxx  Port 443
)
    Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/114.0
Server Software: (Ubuntu)
    Server Version: 8.0.33-0ubuntu0.22.04.2
    Server SQL Mode: STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION
    Parameters: glpi@127.0.0.1/glpi-prod
    Host info: 127.0.0.1 via TCP/IP

PHP version (8.1.2-1ubuntu2.11) is supported.
Sessions configuration is OK.
Allocated memory is sufficient.
mysqli extension is installed.
Following extensions are installed: dom, fileinfo, json, simplexml.
curl extension is installed.
gd extension is installed.
intl extension is installed.
libxml extension is installed.
zlib extension is installed.
The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present.
Database engine version (8.0.33) is supported.
No files from previous GLPI version detected.
The log file has been created successfully.
Write access to /var/www/glpi-prod/files/_cache has been validated.
Write access to /var/www/glpi-prod/config has been validated.
Write access to /var/www/glpi-prod/files/_cron has been validated.
Write access to /var/www/glpi-prod/files has been validated.
Write access to /var/www/glpi-prod/files/_dumps has been validated.
Write access to /var/www/glpi-prod/files/_graphs has been validated.
Write access to /var/www/glpi-prod/files/_lock has been validated.
Write access to /var/www/glpi-prod/files/_pictures has been validated.
Write access to /var/www/glpi-prod/files/_plugins has been validated.
Write access to /var/www/glpi-prod/files/_rss has been validated.
Write access to /var/www/glpi-prod/files/_sessions has been validated.
Write access to /var/www/glpi-prod/files/_tmp has been validated.
Write access to /var/www/glpi-prod/files/_uploads has been validated.

Web server root directory configuration seems safe.
Sessions configuration is secured.
OS and PHP are relying on 64 bits integers.
exif extension is installed.
ldap extension is installed.
openssl extension is installed.
Following extensions are installed: bz2, Phar, zip.
Zend OPcache extension is installed.
Following extensions are installed: ctype, iconv, mbstring, sodium.
Write access to /var/www/glpi-prod/glpi/marketplace has been validated.
Access to timezone database (mysql) is not allowed.

Anything else?

No response

mit-corp commented 1 year ago

Hello,

I have the same problem. If I create an Entity from the API, this Entity is not displayed and usable in Entity.php.

But the data is in the database.

cconard96 commented 1 year ago

It is expected that you wouldn't be able to see/access entities created outside of your current session until you log out and back in due to how your available entities are cached in your session. When you create an entity, the cache is updated but that only affects your current session.

cconard96 commented 1 year ago

You may also simply switch profiles or entities to trigger an update of the cache if you wish to keep the same login session.

Berthe01 commented 1 year ago

Hello cconard96,

I'm ok with your answer for step 3, but if I understand correctly, it remains a bug as I should be able to find the Entity at steps 5 and 6, because I still use the same SessionToken that has been used to create the Entity.

cconard96 commented 1 year ago

It looks like the reason why it doesn't work when you share the same session token between the API and web is that the API will close the session early in the request in every case that tries to use sessions. This means that changes to the session after that are not persisted. The entity cache(s) should indeed be updated when creating an entity in the API, but that state is not saved.

REST is supposed to be stateless. I think sharing a session between the web and API would be considered undefined behavior for things that rely on information cached in the session.
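
A toy model of the behaviour described in the comment above, added here as an illustration; it is not GLPI code, and the class, method and field names are hypothetical. It shows a session whose cached entity list is updated only after the session has been released, so the update is lost and the same token fails the rights check until a new session is opened.

```python
import copy
import secrets


class ToyServer:
    """Toy model (not GLPI code) of a session-backed API that releases the session early."""

    def __init__(self):
        self.entities = {0: "Root entity"}   # constructed sample data ("database")
        self.sessions = {}                   # token -> persisted session state
        self.next_id = 1

    def init_session(self):
        # The set of visible entities is computed once, at login, and cached.
        token = secrets.token_hex(8)
        self.sessions[token] = {"visible_entities": set(self.entities)}
        return token

    def _load_and_close(self, token):
        # Models reading the session and then closing it for writing: the
        # handler works on a private copy, and later changes are never saved.
        return copy.deepcopy(self.sessions[token])

    def create_entity(self, token, name):
        session = self._load_and_close(token)
        entity_id = self.next_id
        self.next_id += 1
        self.entities[entity_id] = name               # database write persists
        session["visible_entities"].add(entity_id)    # cache update is lost
        return entity_id

    def get_entity(self, token, entity_id):
        session = self._load_and_close(token)
        if entity_id not in session["visible_entities"]:
            return ("ERROR_RIGHT_MISSING", None)
        return ("OK", self.entities[entity_id])


def reproduce():
    server = ToyServer()
    token = server.init_session()
    entity_id = server.create_entity(token, "Branch office")
    same_token = server.get_entity(token, entity_id)                   # stale cache
    new_token = server.get_entity(server.init_session(), entity_id)    # fresh cache
    return same_token, new_token
```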

Berthe01 commented 1 year ago

Hi,

I do not share the same Session token between GUI and API.

If you remove the GUI steps of issue, my main problem is that when I create an Entity using the API I can't get it in the same session. I must renew my session token to be able to get it.

When I wrote "using the same session token" I meant the same one used to create the Entity via the API.

trasher commented 1 year ago

For some (undefined) part of GLPI, yes, it's required to logout/login again for everything to work. This is a historical behavior, that's why it's impossible to tell what is impacted, but I won't be surprised if entities are impacted.

Since the API is just using the same code as the UI in the background, the "limitation" does exist here too.

But in the code, it may be a bit hard to really change that.

cconard96 commented 4 months ago

As long as the legacy API uses sessions, I think this is just going to be a quirk of it unless the session is completely reset before somehow restoring the previously chosen active entity and active profile. The new API (High-Level API) will not have this issue at all since each request is separate.

trasher commented 4 months ago

So I guess we can assume this is already fixed in GLPI 11 with the new API?

cconard96 commented 4 months ago

Unless someone thinks the legacy API should have a behavior change introduced... GLPI 11.0 will give users a way to create entities and use them seamlessly since each request is effectively a new session, so I would be OK calling this issue fixed in the next version.