I expected to see a field on the response of the DefaultSessionLogin method, but there are no fields there. I need o use the valid logged in session for another rest API call back to Rollbase, but I'm having trouble finding the sessionId, so I can use it.
I tried searching documentation and the community, but haven't found anything that points me in the right direction. Any help would be appreciated.
I thought I would add some more information to this since I haven't gotten a response yet. Any information would be appreciated.
I created a new rest service using the Rollbase mobile platform to be able to use the selectQuery API from Rollbase that isn’t automatically created when a mobile project is started.
In the parameters needed for the request includes the session ID
My mobile project is using the default login method that is put in place when the project is created. If I look at how that is mapped, I don’t have any visible parameters for the response.
I just have my request values for user and Password.
It’s like the sessionId information is being done behind the scenes.
I can use Fiddler and get my RSessionID value, past that in the test section of my new rest service and successfully get the data I am looking for.
What I need to know is how to get the RSessionId into a variable that I can pass as a request parameter in my new Rest API.
Thanks again for any help.
Hello,
The RSessionId is set as an HTTP Only Cookie.
This is cookie that is managed by the web browser (or web container) and is not available via JavaScript.
You could disable the usage of HTTP Only Cookies, in which case the session id would be sent as parameter in the URL.
However, this is not recommended because it reduced the security since there is the potential for malicious code to steal the value of if HTTPS is not used or if code on the client uses a XSS attack.
I have not debugged this but I am guessing that DefaultSessionLogin only applies to mobile, perhaps, it only sets the cookie to the path "/rest/mobile/api" which then would not enable the usage of calling other REST APIs in Rollbase.
Perhaps, a workaround is to authentication for these REST APIs using a separate request.
I would suggest to contact Technical Support to log a bug/enhancement request so that authentication using DefaultSessionLogin would also apply to any REST API in Rollbase (if the security model is appropriate).
I hope this helps.
Hi,
We tried to authenticate by calling another login method and grabbing the sessionID there. While this works to allow us to turn back around and call a the selectQuery API in Rollbase, it disables the use of the default services that are created via mobile. It appears to do this because the 2nd login kicks out the first login and that session is no longer valid. Since the calls to the default services use the HTTP cookie, which is now logged out, we can't get data back from those services.
Can you think of any other ideas on how we can use the default services that are created in Rollbase mobile, but still call other non-default Rollbase APIs? Being able to dynamically search on the server side is key for the success of our mobile projects on Rollbase.
From next release on wards, we are allowing multiple concurrent sessions for mobile API access. SO that should solve part of your problem. Supporting selectQuery as well as adhoc views on objects through Mobile API is something we have on roadmap.