This topic was locked
.
Most people probably won't even know this existed, but at 2020-01-01 00:00:00 UTC password auth (tokens prefixed with PASS:) will no longer work.
Obviously it wouldn't make sense if there was no alternative so I've introduced session key auth with a SESS: prefix. If you use password auth, it shouldn't be terribly difficult to patch this.
In order to do session token auth just take the value of your msz_auth cookie and slam SESS: in front of it, then use that in place of your PASS: prefixed string.
UPDATE 1
I was a little too eager with this announcement and admittedly haven't fully debugged the session authentication yet. In other words it doesn't work yet.
The implementation is going to be exactly as described though so you can prepare regardless.
UPDATE 2
It's functional now, you can use both a raw cookie and also just the hex string for the token. The latter is impractical considering you have to extract it from the cookie, but I digress.
Obviously it wouldn't make sense if there was no alternative so I've introduced session key auth with a SESS: prefix. If you use password auth, it shouldn't be terribly difficult to patch this.
In order to do session token auth just take the value of your msz_auth cookie and slam SESS: in front of it, then use that in place of your PASS: prefixed string.
UPDATE 1
I was a little too eager with this announcement and admittedly haven't fully debugged the session authentication yet. In other words it doesn't work yet.
The implementation is going to be exactly as described though so you can prepare regardless.
UPDATE 2
It's functional now, you can use both a raw cookie and also just the hex string for the token. The latter is impractical considering you have to extract it from the cookie, but I digress.
This topic was locked
.