remove x-session, not needed anymore

src/backend/InvenTree/InvenTree/settings.py

@@ -20,7 +20,6 @@ from django.core.validators import URLValidator
 from django.http import Http404, HttpResponseGone
 
 import structlog
-from corsheaders.defaults import default_headers
 from dotenv import load_dotenv
 from zoneinfo import ZoneInfo, ZoneInfoNotFoundError
 
@@ -1164,8 +1163,6 @@ USE_X_FORWARDED_PORT = get_boolean_setting(
 # Ref: https://github.com/adamchainz/django-cors-headers
 
 
-CORS_ALLOW_HEADERS = (*default_headers, 'x-session-token')
-
 # Extract CORS options from configuration file
 CORS_ALLOW_ALL_ORIGINS = get_boolean_setting(
     'INVENTREE_CORS_ORIGIN_ALLOW_ALL', config_key='cors.allow_all', default_value=DEBUG

src/frontend/src/functions/auth.tsx

@@ -65,8 +65,7 @@ export const doBasicLogin = async (
   navigate: NavigateFunction
 ) => {
   const { host } = useLocalState.getState();
-  const { clearUserState, setToken, setSession, fetchUserState } =
-    useUserState.getState();
+  const { clearUserState, setToken, fetchUserState } = useUserState.getState();
 
   if (username.length == 0 || password.length == 0) {
     return;
@@ -100,7 +99,6 @@ export const doBasicLogin = async (
     )
     .then((response) => {
       if (response.status == 200 && response.data?.meta?.is_authenticated) {
-        setSession(response.data.meta.session_token);
         setToken(response.data.meta.access_token);
         loginDone = true;
         success = true;
@@ -112,7 +110,6 @@ export const doBasicLogin = async (
           (flow: any) => flow.id == 'mfa_authenticate'
         );
         if (mfa_flow && mfa_flow.is_pending == true) {
-          setSession(err.response.data.meta.session_token);
           success = true;
           navigate('/mfa');
         }
@@ -134,7 +131,7 @@ export const doBasicLogin = async (
  * @arg deleteToken: If true, delete the token from the server
  */
 export const doLogout = async (navigate: NavigateFunction) => {
-  const { clearUserState, isLoggedIn, setSession } = useUserState.getState();
+  const { clearUserState, isLoggedIn } = useUserState.getState();
 
   // Logout from the server session
   if (isLoggedIn() || !!getCsrfCookie()) {
@@ -147,7 +144,6 @@ export const doLogout = async (navigate: NavigateFunction) => {
     });
   }
 
-  setSession(undefined);
   clearUserState();
   clearCsrfCookie();
   navigate('/login');
@@ -205,11 +201,10 @@ export function handleMfaLogin(
   location: Location<any>,
   values: { code: string }
 ) {
-  const { setToken, setSession } = useUserState.getState();
+  const { setToken } = useUserState.getState();
   authApi(apiUrl(ApiEndpoints.user_login_mfa), undefined, 'post', {
     code: values.code
   }).then((response) => {
-    setSession(response.data.meta.session_token);
     setToken(response.data.meta.access_token);
     followRedirect(navigate, location?.state);
   });
@@ -323,13 +318,7 @@ export function authApi(
   method: 'get' | 'post' | 'put' | 'delete' = 'get',
   data?: any
 ) {
-  const state = useUserState.getState();
-  // extend default axios instance with session token
   const requestConfig = config || {};
-  if (!requestConfig.headers) {
-    requestConfig.headers = {};
-  }
-  requestConfig.headers['X-Session-Token'] = state.session;
 
   // set method
   requestConfig.method = method;

src/frontend/src/states/UserState.tsx

@@ -16,8 +16,6 @@ export interface UserStateProps {
   setUser: (newUser: UserProps) => void;
   setToken: (newToken: string) => void;
   clearToken: () => void;
-  session: string | undefined;
-  setSession: (newSession: string | undefined) => void;
   fetchUserToken: () => void;
   fetchUserState: () => void;
   clearUserState: () => void;
@@ -53,10 +51,6 @@ export const useUserState = create<UserStateProps>((set, get) => ({
     set({ token: undefined });
     setApiDefaults();
   },
-  session: undefined,
-  setSession: (newSession: string | undefined) => {
-    set({ session: newSession });
-  },
   userId: () => {
     const user: UserProps = get().user as UserProps;
     return user.pk;