I'm making REST calls from Android app to the Drupal site. On Drupal site I have REST services developed using Services 3.0 module, on Android I'm using Java library Restlet 2.0.
First I call service user/login, and I used received session ID and session name to inject authentication cookie to the second REST call.
However when I'm looking into the Drupal logs for the service, there are basically 4 entries for the REST service call:
- Server info main object
- Controller
- Passed arguments
- results
Entries 1-3 are still captured with logged in user, but the entry 4 is already logged as anonymous, and also the service implementation knows no logged in user (i.e. variable $GLOBALS['user'] has no value).
Is "cookie injection" the right technique to make authenticated calls? And if it is, how to keep the logged user on Drupal side?
