Closed clarsen closed 4 years ago
myhro
commented
4 years ago Hi @clarsen,
Yes, we changed the session cookie to be a __Host- prefixed one.
Can you please tell us a bit more about your use case? How do you use the session cookie? This change wasn't supposed to affected API users, only the web app.
Also, it is backwards compatible, so as long as you have a valid old toggl_api_session_new, it won't be rejected. New cookies will be created with the new name.
Regards, Tiago.
clarsen
commented
4 years ago Using the creation of a session approach, documented here: https://github.com/toggl/toggl_api_docs/blob/master/chapters/authentication.md#authentication-with-a-session-cookie (which still refers to the old cookie)
subsequent requests, such as get workspaces, documented here: https://github.com/toggl/toggl_api_docs/blob/master/chapters/workspaces.md#get-workspaces
results in 403 unless the cookie is provided.
A fix in a go client library is here: https://github.com/dougEfresh/gtoggl-api/pull/7
myhro
commented
4 years ago Thanks for pointing it out and fixing it in the Go library. We are very sorry for not updating the docs together with the change.
I've proposed PR #354 with the new cookie name.
Based on 403 auth failures when requests are missing this cookie i presume the cookie has changed?
Seems like it started happening earlier today (12/6/2019).
(ref https://github.com/toggl/toggl_api_docs/issues/112 )