fixes #5612 - use correct permissions for authz in parameters API
(cherry picked from commit 7cb05aa94e942bd3917c6cde33957288ea84a735)
fixes #4895 - Adds CSRF protection check to the API if a session user is present
fixes #4776 - support session[:expires_at] for api requests
There are situations where the UI needs to invoke requestson the API controllers; therefore, we need to ensure thatthe session expiration accounts for them. This is a commonfor plugins, such as Katello, which leverage the...
fixes #4457 - Session fixation, new session IDs are not generated on login (CVE-2014-0090)
fixes #3960 - wrap APIv2 errors in an "error" node
fixes #3280 - authenticate returns true for API requests when login:false
fixes #2763 - correcting doco links