Description of problem: Upstream Bugzilla 4.4.3 introduced a change that replaced cookie based authentication with token based authentication. Red Hat Bugzilla included this change in 4.4.4019. It is now clear that some teams are not ready for this change, and after discussion with some people we have decided to allow both cookie and token based authentication for RPC calls until October 1st, 2014. Version-Release number of selected component (if applicable): 4.4.4019 Additional info: We are also going to log to the bz.log file (at the info level) details about the RPC calls. This will include the id of the user making the call, their username, the call they made, and whether they used a token, a cookie, both or neither.
Cookie authentication by itself still works. COOKIE is noted in the log output. Token authentication by itself works fine. TOKEN is noted in the log output. Using both cookies and tokens together also works fine. BOTH is noted in the log output.
And I assume none is shown when no authentication is provided (e.g. User.login or anonymous queries)
(In reply to Simon Green from comment #3) > And I assume none is shown when no authentication is provided (e.g. > User.login or anonymous queries) Correct, if no token or cookie is provided for an RPC call NONE will be shown in the log output.
This change is now live. If there are any issues, do not reopen this bug. Instead, you should create a new bug and reference this bug. -- simon