REST API Explorer authorization ‘send as another user’ sets instance session as another user
This article explains a current defect that affects session log in after running REST API Explorer.
Execute a REST call from the REST API Explorer page:
- Open Rest API explorer.
- Formulate JSON request.
- Select Retrieve a record (GET) (for example, from the table sys_user).
- In Authorization (under Request headers), select Send as another user.
- Provide credentials for another user (for example, AbelTuter).
- Click Send.
After running the REST call, the current user for that session changes to the user that executed the REST call (for example, Abel Tuter). However, this is not noticeable since the indicator at the top right of the page still shows the original user that originally logged in to the instance.
If you refresh the browser, for example by typing the URL of the instance on the same browser window, the user changes to the user who executed the REST call (for example, Abel Tuter).
This is the standard behavior and the issue is caused by a limitation in the cookie mechanism.
Immediately after executing the REST call, use the impersonate user feature to login as the original user that initiated the session.