From 17c03e9a4d4003f460edfe4a40f68924a0ca8eda Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Wed, 3 Nov 2021 21:33:21 -0700
Subject: [PATCH] Fix broken session management for application api

---
 CHANGELOG.md        | 6 ++++++
 app/Http/Kernel.php | 2 ++
 2 files changed, 8 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 01c298cff..bc1e30d3e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,7 +3,13 @@ This file is a running track of new features and fixes to each version of the pa
 
 This project follows [Semantic Versioning](http://semver.org) guidelines.
 
+## v1.6.5
+### Fixed
+* Fixes broken application API endpoints due to changes introduced with session management in 1.6.4.
+
 ## v1.6.4
+_This release should not be used, please use `1.6.5`. It has been pulled from our releases._
+
 ### Fixed
 * Fixes a session management bug that would cause a user who signs out of one browser to be unintentionally logged out of other browser sessions when using the client API.
 
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index a96b32dec..04a663f33 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -70,6 +70,8 @@ class Kernel extends HttpKernel
         'api' => [
             HandleStatelessRequest::class,
             IsValidJson::class,
+            StartSession::class,
+            AuthenticateSession::class,
             ApiSubstituteBindings::class,
             'api..key:' . ApiKey::TYPE_APPLICATION,
             AuthenticateApplicationUser::class,