This content has been marked as final. Show 1 reply
it could be that you had a valid session cookie (for your developer account) we were able to fullfill the request without extra authentication parameter.
For sure we do make sure that you are authenticated (and the account owner) for the session request, but I don't really care if the authentication comes from a token or a cookie.
BTW, we don't rely entirely on cookies for authentication because depending on browser and operating system they have erratic behaviour in Flash (i.e. cookies are not shared between HTTP requests and FileReference upload/download) so we use authentication token (passed on every request ):) that is the only way that works everywhere.