Re: JSESSIONID obtained from SignIn Call Not working for sub-sequent calls in the same Application.

Bilal Ahmed Yaseen · ‎04-17-2014

Whenever I sigin using Medisense Signin API, I get the JSESSIONID and call executes successfully but when I use this JSESSION ID for further mediasense API calls like SignOut or GetAllActive Sessions or GetSystemTime etc I get the following error:

{"responseMessage":"Failure: Invalid session. The session may have expired. Sign in again or enter a valid JSESSIONID.","responseCode":4021}

SigInCode:

String url = "https://" + serverAddress + "/ora/authenticationService/authentication/signIn";

PostMethod postMethod = new PostMethod(url);

HttpClient client = new HttpClient();

postMethod.setParameter("username", userName);

postMethod.setParameter("password", password);

postMethod.setParameter("Content-Type", contentType);

postMethod.setRequestEntity(new StringRequestEntity(requestBody, contentType, null));

client.executeMethod(postMethod);

After this I get the JSESSIONID Successfully and get response:

{"responseMessage":"Success: Your request was successfully completed.","responseCode":2000}

After this I make call method of SIgnOut With the same JSESSIONID I got above:

SignOut:

String contentType = "application/json";

String url = "https://" + serverAddress + "/ora/authenticationService/authentication/signOut";

PostMethod postMethod = new PostMethod(url);

HttpClient client = new HttpClient();

postMethod.setParameter("username", userName);

postMethod.setParameter("password", password);

postMethod.setParameter("Content-Type", contentType);

client.executeMethod(postMethod);

And I get the response:

{"responseMessage":"Failure: Invalid session. The session may have expired. Sign in again or enter a valid JSESSIONID.","responseCode":4021}

And same response I get when I make call to GetAllActiveSessions

GetAllActiveSessions:

String requestBody = "{\n"

+ "\"requestParameters\": {\n"

+ "\"deviceRef\": \"" + deviceReference + "\",\n"

+ "\"mediaStreams\": [{\n"

+ "\"mediaType\":\"AUDIO\"\n"

+ "}\n]\n"

+ "}\n"

+ "}";

System.out.println("Request Body: " + requestBody + "\n JSESSIONID:" + JSESSIONID);

String contentType = "application/json";

String url = "https://" + serverAddress + "/ora/controlService/control/startRecording";

System.out.println("URL: " + url);

PostMethod postMethod = new PostMethod(url);

HttpClient client = new HttpClient();

postMethod.setRequestHeader("JSESSIONID", JSESSIONID);

postMethod.setParameter("JSESSIONID", JSESSIONID);

postMethod.setParameter("Content-Type", contentType);

postMethod.setRequestEntity(new StringRequestEntity(requestBody, contentType, null));

client.executeMethod(postMethod);

But Not Executed Successfully:

The Sequence of making calls is:

SigIn();

GetAllActiveSessions();

SignOut();

PS: The JSESSION ID the datamember of the class so that it may be accessible in all methods once initialized in SignIn Method and I have checked in other mthods and JESSIONID is available that was populated by SignIn method.

Any Help will be appreciated as I have looked a lot and now I am tired of it

Note: I have attached the file containing complete source code too.

Thanks,

Bilal Ahmed Yaseen · ‎04-17-2014

I can make these call using poster I think this is because, Poster caches JESSIONID and we don't have to pass it in the Header of API Calls.

Bilal Ahmed Yaseen · ‎04-18-2014

@delender, @jwolfeld , I have made one observation that when I make SignIn call using Poster I get JSESSIONID in 'Set-Cokie' header and when I try to sinIn again with the same API user without signing out, I don't get new JSESSIONID in 'Set-Cokie' header. While this is not the case when I make API Calls programatically. There each time a new JSESSIONID is generated each time I make SigIn call witht he same API User even without signing out that API User.

dlender · ‎04-18-2014

Why are you invoking SignIn multiple times? After Signin, set the cookie to be the JSESSIONID in the header of your next request.

Look at the http request in the console of the debugger to see if the cookie with the JSESSIONID is being set correctly by your application.

Bilal Ahmed Yaseen · ‎04-18-2014

dlender

First of all this is the response of SignIn call(I have displayed headers and responsebody of the request):

null=[HTTP/1.1 200 OK]

Server=[]

Set-Cookie=[JSESSIONID=E3D5861F70B355898CAE1DA00810D014; Path=/ora/; Secure; HttpOnly]

Content-Length=[91]

Date=[Fri, 18 Apr 2014 11:55:29 GMT]

Content-Type=[application/json]

Header Value:JSESSIONID=E3D5861F70B355898CAE1DA00810D014; Path=/ora/; Secure; HttpOnly

JSESSIONID:E3D5861F70B355898CAE1DA00810D014

And from this response SignIn Call seems to be working fine.

Secondly, I was Invoking SigIn calls multiple times because I was trying to understand the behavior that When an API User tries to SigIn who is already SignIn then what happens, either a new JSESSIONID is assigned or the Same JSESSIONID is returned back ? In poster(as I told you earlier) that If I try to SignIn multiple times with the same API User, then just for the first SignIn call JSESSIONID was returned in the Header and after that no JESSEIONID was returned in the header until I signOut that API User and SignIn again but that was not the case when I do programatically(Programatically Against each signIn call with the same API USER I get different JSESSIONID). kindly resolve my this confusion too

Thirdly, In the above mentioned code you may see that I have mentioned JESSIONID in the header of the request though @jwolfeld said there is no need of this medisense handles this by ourself.

jwolfeld · ‎04-18-2014

Bilal,

Please take another look at the SignIn API example in the developer's guide, and copy that. Username and password should not be set as parameters in httpClient. They should be sent in the JSON body of that HTTP POST request. Thereafter, you don't have to concern yourself at all with JSESSIONID. HttpClient (as well as Poster) will receive the set-cookie from MediaSense, keep track of it, and send it back to MediaSense as a cookie automatically for you.

- Jeff W.

Bilal Ahmed Yaseen · ‎04-18-2014

@jwolfeld

I know that in documentation, username and password is aet in the header only not in http client as parameter. But during my experiments in getting rid of this strange issue I set as parametrs too as I saw this in 'Search & Play App' there too username and password is set as parameters too. So, by these both, Issue remains the same I have double-checked it. You may check my above mentioned code that I have mentioned username and password in json format during making signIn API call.

Secondly, As you said we don't need to mention JSESSIONID in the header of API calls as mediasesnse will manage it by ourself, but still issue remains the same.

I think SigIn call is working fine but don't know then why I am facing this strange issue as without this I cant work at all as JSESSIONID is required in all subsequent API calls. I know this too there will be a minner thing that I will be missing But by now I could not get that.

You may also check my code I mentioned in this post earlier.

Thanks for your precious time in understanding my issue and assisting me.

Bilal Ahmed Yaseen · ‎04-22-2014

I have resolved this Issue by myself. Actually, Unfortunately, Don't know why, I was Using the new HttpClient Object for each API Call. Then, I used the same HttpClient Object(one I created in the sigIn method) for the subsequent API Calls and It worked for me. But I am still un-able to understand this scenario that why this happened:

1. As I am passing JSESSIONID in header of API request then It should be enough for medisense server to authenticate

2. How & Why HttpClient object is effecting on this as we sigIn to Mediasense server and further requests goes to same server.

Or I am un-able to understand that what actually the HttpClient Object represents ?

andres21 · ‎07-20-2016

If anyone is still having this issue, I found out that the JSESSIONID returned from the media sense API should not be used programmatically as header name as it is misleadingly specified in the documentation, but instead as a cookie header, in subsequent calls you should send the entire string you got from the signIn as a header called "cookie"

Your headers for the following calls should look like these:

HEADERS

cookie: JSESSIONID=E57F1529C41DB3D429C8FB88CCBA2DA6; Path=/ora/; Secure; HttpOnly

content-type: application/json

Hope it helps, pura vida

akit_cisco · ‎06-30-2017

Hi,

I am working with the mediasense API and also ran into this issue.

I was performing a sign in request using postman which resulted in success, but did not return a Jession ID.

I found that I had to add the 'intercepter' add-on to postman and then I could see the JSESSION ID populated in the cookie field of postman.

To make Postman requests use the Cookies stored in Chrome, you'll need to

Install the interceptor
Enable the interceptor in Postman (satellite icon on the top right)

If the interceptor is installed and enabled, the requests you send via Postman should include cookies stored for that domain in Chrome.

https://github.com/postmanlabs/postman-app-support/issues/1374

akit_cisco · ‎07-08-2017

Also to add to this, when making a sign in request from Finesse to Media sense, the value returned has actually got a key value of JSESSIONIDSSO instead of JSESSIONID.