render_rpc not working where html2xml works

[Alex-Jordan]

The server in the example below is on develop and it has allow_unsecured_rpc: 1 in webwork2.mojolicious.yml.

If I use the render_rpc endpoint:
https://webwork-dev.aimath.org/webwork2/render_rpc?problemSeed=6&problemSource=RE9DVU1FTlQoKTsKbG9hZE1hY3JvcygiUEdzdGFuZGFyZC5wbCIsIlBHTUwucGwiLCJBbnN3ZXJGb3JtYXRIZWxwLnBsIiwiUEdjb3Vyc2UucGwiLCk7VEVYVChiZWdpbnByb2JsZW0oKSk7CkNvbnRleHQoJ051bWVyaWMnKTskYSA9IHJhbmRvbSgxLCA5LCAxKTsKJGIgPSByYW5kb20oMSwgOSwgMSk7CiRjID0gQ29tcHV0ZSgkYSArICRiKTsKCkJFR0lOX1BHTUwKQ29tcHV0ZSB0aGUgc3VtIG9mIFtgWyRhXWBdIGFuZCBbYFskYl1cdGV4dHs6fWBdCgpbYFskYV0gKyBbJGJdID1gXSBbX117JGN9ezV9IFtAQW5zd2VyRm9ybWF0SGVscCgnbnVtYmVycycpQF0qCgoKRU5EX1BHTUwKCkJFR0lOX1BHTUxfU09MVVRJT04KW2BbJGFdICsgWyRiXSA9IFskY11cdGV4dHsufWBdCgoKRU5EX1BHTUxfU09MVVRJT04KCkVORERPQ1VNRU5UKCk7&courseID=anonymous&userID=anonymous&password=anonymous&course_password=anonymous

I get "Authentication failed. Log in again to continue."

If I just change the render_rpc back to html2xml, then it works and renders the problem. Then I can go back to render_rpc and it still works, presumably because now I have a cookie with a valid session. If I manually log in to the course and actively log out, it goes back to the beginning.

I'm not sure what I should change, and why html2xml behaves differently than render_rpc.

[Alex-Jordan]

I also tried changing to session_management_via key, and that did not change things.

[drgrice1]

The link you gave is not correct for the render_rpc endpoint. The point of that endpoint is that it no longer uses the userID, password and course_password parameters. It just uses the usual webwork2 authentication parameters user and passwd. So you will need to change those in the URL.

Note that the html2xml endpoint will also work with the usual parameters. The point is to eliminate the need for the parameter hacking.

[drgrice1]

I forgot another thing for the render_rpc endpoint. You also need to add disableCookes=1 to the URL to disable cookies. So you need both allow_unsecured_rpc: 1 in webwork.mojolicious.yml and the URL parameter disableCookies=1 to fully disable cookies for the render_rpc endpoint.

[Alex-Jordan]

Ah, thanks! I should have remembered about the param names.

[drgrice1]

I would be okay with dropping the need for the URL parameter and just let that be controlled by the setting in webwork2.mojolicious.yml.

[drgrice1]

Ahh wait. I know why I have both the webwork2.mojolicious.yml setting and the URL parameter now. This is because, it messes up rendering via the render_rpc endpoint on the set details page in webwork2 if you have allow_unsecured_rpc: 1 and don't also require the URL parameter.