https://community.cisco.com/t5/management/axl-authentication-cookies/m-p/3440351#M374 <HTML><HEAD></HEAD><BODY><P>Note, the JSESSIONIDSSO cookie will expire after about 30 minutes.</P><P></P><P>What you describe should work:</P><P>- Make a standard request with 'Authorization' header</P><P>- Extract the 'Set-Cookie' response header for JSESSIONIDSSO</P><P>- On subsequent requests, do not include Authorization, but do include a 'Cookie' header containing the content the full JSESSIONIDSSO:</P><P></P><P>Cookie: JSESSIONIDSSO=2723FD93559E7FA7E17F0E7958D13; Path=/; Secure; HttpOnly</P></BODY></HTML> Thu, 25 Jan 2018 22:48:13 GMT dstaudt 2018-01-25T22:48:13Z https://community.cisco.com/t5/management/axl-authentication-cookies/m-p/3440348#M371 <HTML><HEAD></HEAD><BODY><P>The docs say that you can use the JSESSIONID cookie to re-use an authentication session. Yet in testing on CUCM 11.5, I find that this doesn't work. Instead, you have to use the new(er) JSESSIONIDSSO cookie.</P><P></P><P>If you send just the SSO cookie, things work. Send only a (valid) JSESSIONID cookie, and you get a wonderful 401 error.</P><P></P><P>Have the docs not been updated, or is this a bug?</P><P></P><P>GTG</P></BODY></HTML> Tue, 31 Jan 2017 18:18:42 GMT https://community.cisco.com/t5/management/axl-authentication-cookies/m-p/3440348#M371 Gordon Ross 2017-01-31T18:18:42Z https://community.cisco.com/t5/management/axl-authentication-cookies/m-p/3440349#M372 <HTML><HEAD></HEAD><BODY><P>Thanks for catching this, we'll take and look at get this updated...</P></BODY></HTML> Tue, 31 Jan 2017 23:20:33 GMT https://community.cisco.com/t5/management/axl-authentication-cookies/m-p/3440349#M372 dstaudt 2017-01-31T23:20:33Z https://community.cisco.com/t5/management/axl-authentication-cookies/m-p/3440350#M373 <HTML><HEAD></HEAD><BODY><P>How are you able to validate that this is working? I have tried sending the JSESSIONID and/or the JSESSIONIDSSO cookie with a subsequent request and each time I get back a new set of cookies with my response. If I drop the auth header and send a request with cookies from a previous valid request I get a 401 error. (using CUCM 11.5)</P></BODY></HTML> Thu, 25 Jan 2018 20:11:17 GMT https://community.cisco.com/t5/management/axl-authentication-cookies/m-p/3440350#M373 James Adam 2018-01-25T20:11:17Z https://community.cisco.com/t5/management/axl-authentication-cookies/m-p/3440351#M374 <HTML><HEAD></HEAD><BODY><P>Note, the JSESSIONIDSSO cookie will expire after about 30 minutes.</P><P></P><P>What you describe should work:</P><P>- Make a standard request with 'Authorization' header</P><P>- Extract the 'Set-Cookie' response header for JSESSIONIDSSO</P><P>- On subsequent requests, do not include Authorization, but do include a 'Cookie' header containing the content the full JSESSIONIDSSO:</P><P></P><P>Cookie: JSESSIONIDSSO=2723FD93559E7FA7E17F0E7958D13; Path=/; Secure; HttpOnly</P></BODY></HTML> Thu, 25 Jan 2018 22:48:13 GMT https://community.cisco.com/t5/management/axl-authentication-cookies/m-p/3440351#M374 dstaudt 2018-01-25T22:48:13Z https://community.cisco.com/t5/management/axl-authentication-cookies/m-p/3440352#M375 <HTML><HEAD></HEAD><BODY><P>Hey thanks for the quick response. I realized that I was sending a Set-Cookie header with my subsequent requests instead of a Cookie header. Fixed that and it works as expected now.</P><P></P><P>+1 dstaudt <IMG src="https://community.cisco.com/legacyfs/online/emoticons/happy.png" /></P></BODY></HTML> Fri, 26 Jan 2018 15:03:08 GMT https://community.cisco.com/t5/management/axl-authentication-cookies/m-p/3440352#M375 James Adam 2018-01-26T15:03:08Z