Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Using JSESSIONID from API request

It looks like each API request authenticated with basic auth returns a JSESSIONID cookie. However if that cookie is passed in the next API request instead of the basic auth credentials (i.e. to switch to using cookie authentication) then a 401 results.

If however I use the /auth/1/session API then the JSESSIONID cookie returned can be used successfully.

My goal is to avoid the extra round-trip to make the POST to /auth/1/session and instead use basic auth with the first API request and cookie authentication with subsequent requests (in order to meet the recommendation here https://jira.atlassian.com/browse/JRA-44654).

Does anyone know why the JSESSIONID from API requests can be used to authenticate the next request?

3 answers

Because it's not supposed to. Either you pass basic-auth headers with every request or you call /auth/1/session to retrieve the JSESSIONID bounded to authenticated session.

Do you know what the purpose is of the JSESSIONID cookie that is returned with each API request?

Using cookie based authentication would be more efficient if it didn't require an extra call each time. Sometimes we need to make just one API call, so calling /auth/1/session would double the time taken. In other cases we make many requests in a row with the same identity and so cookie based authentication would apparently help. However it is not easy to know before the first call whether there will be many subsequent calls or not.

(Sorry this should have been a comment ... but I am locked out from making any more edits for 24 hours).

@Chris Waters I think the following might be out of interest for you on this subject.

http://stackoverflow.com/questions/35632642/jira-rest-api-calls-fail-when-using-jsessionid-cookie-authentication-using-urlfe

Br, Niclas

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Jira Core

How to manage many similar workflows?

I have multiple projects that use variations of the same base workflow. The variations depend on the requirements of the project or issue type. The variations mostly come in the form of new statuses ...

4,248 views 12 5
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you