Warning
This API is disabled by default in Cordra v2.0.0. To re-enable it, you can add “useLegacySessionsApi”:true to the Cordra design object.
The sessions API requires sending back a session cookie (cookie name JSESSIONID) as well as a separate X-Csrf-Token header for CSRF mitigation. The CSRF token is also returned to the user as a cookie (cookie name Csrf-token); thus the server will in general return two Set-Cookie headers, one for the JSESSIONID cookie and one for the Csrf-token cookie. Both values must be returned in order for session authentication to work; the JSESSIONID cookie must be returned as a standard Cookie: header, and the CSRF token must be returned in a special X-Csrf-Token header.
| Resource | Description |
|---|---|
| GET /sessions/this | Retrieve current session. |
| POST /sessions/ | Create a new session. |
| DELETE /sessions/this | Delete current session. |
Request:
GET /sessions/this
| Parameter | Required? | Description |
|---|---|---|
| full | optional | If |

| Request Headers | Description |
|---|---|
| X-Csrf-Token | Value from Csrf-token cookie |

| Response Attribute Name | Description |
|---|---|
| isActiveSession | Whether or not the session is active. |
| username | Username of currently logged in user |
| userId | UserId of currently logged in user |
| typesPermittedToCreate | List of types this user can create. |
| groupIds | List of groups this user is in. |
Request:
POST /sessions/
| Request Headers | Description |
|---|---|
| Authorization | Should be a Basic or Bearer auth header |

| Response Headers | Description |
|---|---|
| Set-Cookie | Sets cookies needed for CSRF |

| Response Attribute Name | Description |
|---|---|
| isActiveSession | Whether or not the session is active. |
| username | Username of currently logged in user |
| userId | UserId of currently logged in user |
| typesPermittedToCreate | List of types this user can create. |
| groupIds | List of groups this user is in. |
Request:
DELETE /sessions/this
Response:

```json
{
  "isActiveSession": false,
  "typesPermittedToCreate": []
}
```
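The following is an added worked model of the whole exchange described on this page (it is not Cordra's code): the client sends Basic credentials to POST /sessions/, the server answers with the two Set-Cookie headers, the client sends the JSESSIONID value back as a Cookie header and the Csrf-token value as X-Csrf-Token, and the server validates both before GET /sessions/this or DELETE /sessions/this succeed. The user table, the in-memory session store, the userId format and the empty type/group lists are constructed for the example; only the cookie and header names come from the page.

```python
"""Model of the legacy Cordra sessions flow (added example, not Cordra's code).
USERS, SESSIONS and the userId format are constructed for illustration."""
import base64
import hmac
import secrets
from http.cookies import SimpleCookie

SESSION_COOKIE = "JSESSIONID"
CSRF_COOKIE = "Csrf-token"
CSRF_HEADER = "X-Csrf-Token"

USERS = {"alice": "correct horse"}  # constructed credentials
SESSIONS = {}                        # constructed store: session id -> session dict


def basic_auth_header(username, password):
    """Client side: the Authorization value sent to POST /sessions/."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()


def _session_body(session):
    return {
        "isActiveSession": True,
        "username": session["username"],
        "userId": session["userId"],
        "typesPermittedToCreate": session["types"],
        "groupIds": session["groups"],
    }


def create_session(authorization, store=SESSIONS):
    """Server side of POST /sessions/. Returns (status, set_cookie_headers, body).
    Only Basic auth is modelled; the real API also accepts Bearer."""
    scheme, _, credential = authorization.partition(" ")
    if scheme != "Basic":
        return 401, [], {"isActiveSession": False}
    try:
        username, _, password = base64.b64decode(credential).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return 401, [], {"isActiveSession": False}
    expected = USERS.get(username)
    if expected is None or not hmac.compare_digest(password.encode(), expected.encode()):
        return 401, [], {"isActiveSession": False}
    sid, csrf = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    store[sid] = {"username": username, "userId": f"test/{username}",  # constructed id
                  "csrf": csrf, "types": [], "groups": []}
    set_cookies = [
        # The session id is HttpOnly so page scripts cannot read it.
        f"{SESSION_COOKIE}={sid}; Path=/; HttpOnly",
        # The CSRF cookie is deliberately readable: the client copies it into the header.
        f"{CSRF_COOKIE}={csrf}; Path=/",
    ]
    return 200, set_cookies, _session_body(store[sid])


def cookies_from_response(set_cookie_headers):
    """Client side: collect cookie values from the Set-Cookie headers."""
    jar = SimpleCookie()
    for header in set_cookie_headers:
        jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def session_headers(cookies):
    """Client side: the two headers every later session request must carry."""
    return {"Cookie": f"{SESSION_COOKIE}={cookies[SESSION_COOKIE]}",
            CSRF_HEADER: cookies[CSRF_COOKIE]}


def check_session(headers, store=SESSIONS):
    """Server side of GET/DELETE /sessions/this: the Cookie header must name a live
    session and X-Csrf-Token must equal that session's token (double-submit cookie).
    Returns (True, session_id) or (False, reason)."""
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    sid = jar[SESSION_COOKIE].value if SESSION_COOKIE in jar else None
    session = store.get(sid)
    if session is None:
        return False, "no active session"
    presented = headers.get(CSRF_HEADER, "")
    # A browser attaches cookies automatically but never this custom header,
    # so a cross-site request carrying only the cookie is rejected here.
    if not hmac.compare_digest(presented.encode(), session["csrf"].encode()):
        return False, "missing or wrong X-Csrf-Token"
    return True, sid


def get_session(headers, store=SESSIONS):
    ok, detail = check_session(headers, store)
    if not ok:
        return {"isActiveSession": False, "typesPermittedToCreate": []}
    return _session_body(store[detail])


def delete_session(headers, store=SESSIONS):
    ok, detail = check_session(headers, store)
    if ok:
        store.pop(detail)
    return {"isActiveSession": False, "typesPermittedToCreate": []}
```

The point to take from the model is in check_session: the JSESSIONID cookie alone is never enough, because a browser sends cookies on cross-site requests without the user's involvement, while the X-Csrf-Token header can only be set by a script that was able to read the Csrf-token cookie on the origin.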