Handle session isolation for mixed authentication methods

Referred from https://github.com/apache/tooling-trusted-releases/issues/738

**ASVS Reference:** 7.2.4

**Finding:** 7.2.4-06

### Description

When authenticating via Bearer tokens or Basic Auth (via the `Authorization` header), the `asfquart/session.py` `read()` function creates an ad-hoc session from the header credentials but does **not** clear any existing cookie session. If both an `Authorization` header and a valid session cookie are present, this could lead to session confusion or privilege inconsistency.

### Affected File

- `src/asfquart/session.py` — `read()` function, Bearer/Basic auth handling

### Recommendation

When header-based authentication is used, explicitly ignore or clear cookie session state to prevent ambiguity about which identity is active.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Handle session isolation for mixed authentication methods #57

Description

Affected File

Recommendation

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Handle session isolation for mixed authentication methods #57

Description

Description

Affected File

Recommendation

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions