Session cookie header parameter support

[pavel-vasiluk]

I have got some API-endpoints that are designed to have protected access via session-cookie. And as far as I understand, OpenAPI specification supports it, but I cannot really make it work via nelmio features.

1. I have added session cookie parameter to config:

        components:
            securitySchemes:
                Cookie:
                    type: apiKey
                    name: PHPSESSID
                    in: cookie

2. Authorization has been added to UI. I have added the Cookie.
   

3. Then I proceed to endpoint scheme and press execute. And get redirected response (302, no active session). After debugging it. I see that Cookie header has been ignored to be set.
   

4. However if I execute curl (shown in the screenshot above), I am able to get authorized content by provided session cookie.

Is it an expected behavior, or a known bug, or some design decision to not support session cookie parameter?
As according to Swagger documentation, this feature is supported https://swagger.io/docs/specification/authentication/cookie-authentication/

[pavel-vasiluk]

Ok, going to close this, as I have found out that this feature is still not supported by swagger-js.
Related issues for those who investigating same problem as mine:
swagger-api/swagger-ui#3785
swagger-api/swagger-js#1163