Showing results for 
Search instead for 
Did you mean: 

Get a cookie from httpRequest POST for Fortigate Authentication


Hello everybody,

at the moment I am trying to establish an authentication towards a FortiNet Firewall Appliance via the RESTAPI.

Therefore i need to send a HTTP POST Request.

I think thats working fine, but from the request I should get a authentication cookie, which I have to use for all further actions.

Sadly I don't know how to access this cookie.

I use the following libs:






My Request looks like this:

//------------------------------ Get Token for the session---------------------------

var request = new httpRequest();

// SSL connection with Basic Auth


// POST request.


var statusCode = request.execute();

var response = request.getResponse("asString");

logger.addInfo("Status Code: " + statusCode );

logger.addInfo("Response data: " + response );


//------------------------------ Get Token for the session---------------------------

Anyone does know how I can access the cookies out of the response here?

I tried some methods, but none of them seems to work.

Or am I maybe on the wrong track?

Thanks for your help!

kind regards


5 Replies 5

Orf Gelbrich
Cisco Employee
Cisco Employee

Take a look at #419

I get a ticket from DNA Center and use it in the next task to call the next API call.

Hi Orf,

tried a lot, but I think there is still something missing or other than in the example.

What I need at first is, to display the Cookie/Header which I get from my initial POST.

When I go i.e. with curl like: curl -X POST -k -d "username=apiuser&secretkey=123456" -vvv

I see following headers/cookies:

< Set-Cookie: APSCOOKIE_17428408139350898367="XYZ123"; path=/; HttpOnly

< Set-Cookie: ccsrftoken_17428408139350898367="blabla"; path=/

< Set-Cookie: ccsrftoken="blabla"; path=/

< Set-cookie: rl=;expires=Thu, 01 Jan 1970 00:00:01 GMT;path=/

< Transfer-Encoding: chunked

< Content-Type: text/html; charset=utf-8

Now I want to save two of the headers (APSCOOKIE.... and ccsrftoken) to two variables.

After saving them I will be able to use them in my further POSTs towards the API, because I need to send them, to be authenticated.

I tried to access the headers with things like the following:

var cookie = request.getResponse().headers['Set-Cookie'];


var cookie = request.getResponseHeader('Set-Cookie');

But nothing seems to work and I cant find any JavaScript doc, where its explained how to access just the header from a response...

Did I just misunderstood your examplescript, or do you (or someone) have any other idea how to achieve my goal?

I just realized I had pasted the wrong code into the example, but the task in the workflow had the right code…


In my case my response looks like this (JSON):


And my code gets the ticket with some string clean up (x.replace):

// Parse the response for the service ticket...

var parser = new JsonParser();

var jsonTree = parser.parse(response);

logger.addInfo("jsonTree - JSON Object: " + jsonTree.isJsonObject());

var jsonObj = jsonTree.getAsJsonObject();

var serviceTicketObj = jsonObj.get("response").get("serviceTicket");

logger.addInfo("Service Ticket: " + serviceTicketObj.toString());

var a=serviceTicketObj.toString();

logger.addInfo("a = " + a);

var b=a.replace(/["']/g, "");

logger.addInfo("b= "+b);

output.TICKET = b;

You response does not look like JSON.

Hi Orf,

thats right - my response is no JSON.

Here is the full response from CURL POV:


root@FESVMDSMLMNG003:~# curl -X POST -k -d "username=apiuser&secretkey=blabla" -vvv

* About to connect() to port 443 (#0)

*   Trying connected

* successfully set certificate verify locations:

*   CAfile: none

  CApath: /etc/ssl/certs

* SSLv3, TLS handshake, Client hello (1):

* SSLv3, TLS handshake, Server hello (2):

* SSLv3, TLS handshake, CERT (11):

* SSLv3, TLS handshake, Server key exchange (12):

* SSLv3, TLS handshake, Server finished (14):

* SSLv3, TLS handshake, Client key exchange (16):

* SSLv3, TLS change cipher, Client hello (1):

* SSLv3, TLS handshake, Finished (20):

* SSLv3, TLS change cipher, Client hello (1):

* SSLv3, TLS handshake, Finished (20):

* SSL connection using ECDHE-RSA-AES256-GCM-SHA384

* Server certificate:

*        subject: C=US; ST=California; L=Sunnyvale; O=Fortinet; OU=FortiGate; CN=FG1K2D3I16801618;

*        start date: 2016-10-18 02:32:45 GMT

*        expire date: 2038-01-19 03:14:07 GMT

*        issuer: C=US; ST=California; L=Sunnyvale; O=Fortinet; OU=Certificate Authority; CN=support;

*        SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.

> POST /logincheck HTTP/1.1

> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/ libidn/1.23 librtmp/2.3

> Host:

> Accept: */*

> Content-Length: 31

> Content-Type: application/x-www-form-urlencoded


* upload completely sent off: 31out of 31 bytes

< HTTP/1.1 200 OK

< Date: Fri, 13 Oct 2017 11:26:31 GMT

< Server: xxxxxxxx-xxxxx

< Set-Cookie: APSCOOKIE_17428408139350898367="Era%3D0%26Payload%3DSfxRpm3acV2A59jeBJbIp+vrQL1JP%2FwMpf3ZRZokkQMhooRYe+D3SjBX5A235bVZ%0Aghi0bktyVCNgC8tA%2Fb%2F4UPIZ9kXhlXnLyN0rJbRggONPCLrJGR06b0eZ2AIrqbt1%0ATXNzl9ualb4v40O0CcJu0dfRSpgsxoq7%0A%26AuthHash%3DPgttgDSCqgy6DbExOjKTPKzv9H0A%0A"; path=/; HttpOnly

< Set-Cookie: ccsrftoken_17428408139350898367="AB1A4EAD17DD609C221B81227CF534AF"; path=/

< Set-Cookie: ccsrftoken="AB1A4EAD17DD609C221B81227CF534AF"; path=/

< Set-cookie: rl=;expires=Thu, 01 Jan 1970 00:00:01 GMT;path=/

< Transfer-Encoding: chunked

< Content-Type: text/html; charset=utf-8

< X-Frame-Options: SAMEORIGIN

< Content-Security-Policy: frame-ancestors 'self'

< X-UA-Compatible: IE=Edge


<script language="javascript">



* Connection #0 to host left intact

* Closing connection #0

* SSLv3, TLS alert, Client hello (1):


So I know now, that I need to extract the Headers and display them.

Then I tried to extend the function which are built up above in the script.

httpRequest.prototype.getHeaders = function(headname) {

    return this.httpMethod.getResponseHeader(headname);

    this.headers = this.httpMethod.getResponseHeaders();

    return this.headers;


To display this i use:

var headers = request.getHeaders("Set-Cookie");

logger.addInfo("Headers: " + headers );

But I just get a "null" as result.

Otherwise when I try it with this code:

httpRequest.prototype.getHeaders = function() {

    this.headers = this.httpMethod.getResponseHeaders();

    return this.headers;


var headers = request.getHeaders();

logger.addInfo("Headers: " + headers );

But then I see something like: [Lorg.apache.commons.httpclient.Header;@1e5ea189

It seems that I have to add another function (as I did) but I am obviously doing there some mistake - but i don't know which mistake I face here.

I probably would use

var str = "Visit W3Schools!";

var n ="W3Schools");


and get the position and then cut out the part you need

var res = str.substring(n, n+10);

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: