The reason it show guest when you POST to user/session is because the role is being assessed before the session is established.
If you turn around and to a GET on user/session with your session token (which you just got back) and the api key, the correct role will show.
↧
DF2 - role_id value is based on Default Role, not on the setting in the User tab
↧