01-31-2017 10:18 AM
The docs say that you can use the JSESSIONID cookie to re-use an authentication session. Yet in testing on CUCM 11.5, I find that this doesn't work. Instead, you have to use the new(er) JSESSIONIDSSO cookie.
If you send just the SSO cookie, things work. Send only a (valid) JSESSIONID cookie, and you get a wonderful 401 error.
Have the docs not been updated, or is this a bug?
GTG
01-31-2017 03:20 PM
Thanks for catching this, we'll take and look at get this updated...
01-25-2018 12:11 PM
How are you able to validate that this is working? I have tried sending the JSESSIONID and/or the JSESSIONIDSSO cookie with a subsequent request and each time I get back a new set of cookies with my response. If I drop the auth header and send a request with cookies from a previous valid request I get a 401 error. (using CUCM 11.5)
01-25-2018 02:48 PM
Note, the JSESSIONIDSSO cookie will expire after about 30 minutes.
What you describe should work:
- Make a standard request with 'Authorization' header
- Extract the 'Set-Cookie' response header for JSESSIONIDSSO
- On subsequent requests, do not include Authorization, but do include a 'Cookie' header containing the content the full JSESSIONIDSSO:
Cookie: JSESSIONIDSSO=2723FD93559E7FA7E17F0E7958D13; Path=/; Secure; HttpOnly
01-26-2018 07:03 AM
Hey thanks for the quick response. I realized that I was sending a Set-Cookie header with my subsequent requests instead of a Cookie header. Fixed that and it works as expected now.
+1 dstaudt
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide