I'm having trouble with my customer API. Immediately after getting a successful login response and parsing the token from it, the cart says that I am not logged in. I'm using version 1.2.2.
my log is attached.
I discovered that the test_api.php works on my web server but I am still having trouble with the login from my app.
Do you have HTTPS enabled?
Can you post exact request and response?
using SSL
this is my log:
POSTed login form:
URL: https*
rt=a/account/login
email=my e-mail
password=password
UnityEngine.MonoBehaviour:print(Object)
<PostLogin>c__Iterator4:MoveNext() (at Assets/Scripts/RequestController.cs:791)
{"status":1,"success":"Logged in","token":"43c3ed78a8b12bc7d01f6193cd47cafe"}
UnityEngine.MonoBehaviour:print(Object)
<PostLogin>c__Iterator4:MoveNext() (at Assets/Scripts/RequestController.cs:792)
token=43c3ed78a8b12bc7d01f6193cd47cafe
UnityEngine.MonoBehaviour:print(Object)
<PostLogin>c__Iterator4:MoveNext() (at Assets/Scripts/RequestController.cs:806)
verifying still logged in..
UnityEngine.MonoBehaviour:print(Object)
<PostLogin>c__Iterator4:MoveNext() (at Assets/Scripts/RequestController.cs:814)
POSTed login form:
URL: https*
rt=a/account/login
token=43c3ed78a8b12bc7d01f6193cd47cafe
UnityEngine.MonoBehaviour:print(Object)
<PostLogin>c__Iterator4:MoveNext() (at Assets/Scripts/RequestController.cs:821)
HEADERS: STATUS=HTTP/1.1 401 Unauthorized
DATE=Thu, 11 Jun 2015 11:48:29 GMT
SERVER=Apache
X-POWERED-BY=PHP/5.3.29
EXPIRES=Thu, 19 Nov 1981 08:52:00 GMT
CACHE-CONTROL=no-store, no-cache, must-revalidate, post-check=0, pre-check=0
PRAGMA=no-cache
ACCESS-CONTROL-ALLOW-ORIGIN=
ACCESS-CONTROL-ALLOW-CREDENTIALS=true
SET-COOKIE=currency=USD; expires=Sat, 11-Jul-2015 11:48:29 GMT; path=/; domain=www.*.com
TRANSFER-ENCODING=chunked
CONTENT-TYPE=application/json
UnityEngine.Debug:Log(Object)
<PostLogin>c__Iterator4:MoveNext() (at Assets/Scripts/RequestController.cs:832)
{"status":0,"request":"unauthorized"}
UnityEngine.MonoBehaviour:print(Object)
<PostLogin>c__Iterator4:MoveNext() (at Assets/Scripts/RequestController.cs:834)
When you do login request and later you pass the token, are these both requests sent via HTTPS to the same domain?
Are you using callback? This might be related to cross domain issue.
http://www.abantecart.com/document_wiki/index.php/Storefront_API_for_mobile_and_remote_access
Same domain. No callback.
EDIT: The requests are being sent from either mobile devices or my home computer.
Try callback. I suspect this can be related to cross domain
I tried allowing cross-domain via htaccess. Headers reflected change, but I am still getting "401 Unauthorized". Perhaps I need to change a file in the shopping cart?
I'm coding everything in C#, not JQuery or JavaScript. I have no idea if callback is even possible in this case as my parser (SimpleJSON) does not have this feature.
I probably just don't understand callback.
Quote from: pyroxide on June 15, 2015, 03:08:28 PM
I tried allowing cross-domain via htaccess. Headers reflected change, but I am still getting "401 Unauthorized". Perhaps I need to change a file in the shopping cart?
I'm coding everything in C#, not JQuery or JavaScript. I have no idea if callback is even possible in this case as my parser (SimpleJSON) does not have this feature.
Probably cross-domain is not an issue here.
We need to debug this some how. You can enable debug log 5 (settings -> system) to save to log file and run login and later access with the token. Let's see what is happening.