Authorizing POST request trigger

Posted by matman on 30-Apr-2015 03:34


I'm writing a program that executes some code, based on a Post request send by a trigger in Rollbase. But I want to verify that the post request is send by a valid user that is logged in. To do this, I'm thinking about checking the sessionId. I want to send the sessionId with the postrequest, withing the XML body. Using an EVAL[] block, I tried {!#SESSION_ID}, but this returns NULL. Why is this, and how can I solve this? Or is there a better way of checking the post request came from a logged in user?

Kind regards,

All Replies

Posted by Godfrey Sorita on 30-Apr-2015 09:17
Hi Martin,

The {!SESSION_ID} token only seem to work client-side. If you do get a sessionId, how will you check the validity of the sessionId from your code? Are you sending the POST request to Rollbase web service?

Posted by Anoop Premachandran on 30-Apr-2015 09:20

The only time a POST request will not have a user context is when it is called from Batch Job or Delayed Trigger. Is this what you want to differentiate ?

Posted by Anoop Premachandran on 30-Apr-2015 09:23

You can use current user and current visitor token as well..

This thread is closed