Closed clarsen closed 4 years ago
Hi @clarsen,
Yes, we changed the session cookie to be a __Host-
prefixed one.
Can you please tell us a bit more about your use case? How do you use the session cookie? This change wasn't supposed to affected API users, only the web app.
Also, it is backwards compatible, so as long as you have a valid old toggl_api_session_new
, it won't be rejected. New cookies will be created with the new name.
Regards, Tiago.
Using the creation of a session approach, documented here: https://github.com/toggl/toggl_api_docs/blob/master/chapters/authentication.md#authentication-with-a-session-cookie (which still refers to the old cookie)
subsequent requests, such as get workspaces, documented here: https://github.com/toggl/toggl_api_docs/blob/master/chapters/workspaces.md#get-workspaces
results in 403 unless the cookie is provided.
A fix in a go client library is here: https://github.com/dougEfresh/gtoggl-api/pull/7
Thanks for pointing it out and fixing it in the Go library. We are very sorry for not updating the docs together with the change.
I've proposed PR #354 with the new cookie name.
Based on 403 auth failures when requests are missing this cookie i presume the cookie has changed?
Seems like it started happening earlier today (12/6/2019).
(ref https://github.com/toggl/toggl_api_docs/issues/112 )