CSRF token from either the request body or request headers did not match or is missing

Good day. I use the Passbolt API for creating entries in Passbolt. But I have a problem with session checking. On every request I check the session via the /auth/is-authenticated.json method. But I think the session has a lifetime, and I got an error when I tried to create an entry:
"CSRF token from either the request body or request headers did not match or is missing.","url":"/resources.json?api-version=v2","code":403
But /healthcheck.json?api-version=v2 returns 200 at this time.
How can I check the CSRF token and session?

Hi @Egor, welcome to the forum!

Yes, there is an authentication sequence which is described here: Passbolt Help | Authentication in passbolt

This thread has helpful related links as well: How to complete initial API auth steps using Postman?

Hi @garrett! Thank you for the fast response. I was able to successfully complete the login steps and the steps for creating entries from my service. And I store the session ID and CSRF token; then some time passes and my service tries to create an entry again, checking the session via the /auth/is-authenticated.json method.
And then I get an error: "CSRF token from either the request body or request headers did not match or is missing".
How can I check that I need to repeat login steps again?

I believe it's considered normal to reauthenticate on every call, but that may have changed.

And I would add that the error you are receiving would also be a good way to know.

I am trying to repeat the login on every request. I call /auth/logout.json, but then I make another request with the login steps and I don't receive a CSRF token from the users/me.json?api-version=v2 method. This response doesn't have a set-cookie header. I think I need to reset the session, but I cannot imagine how.

I think stateless with JWTs is in the works, but it's session-based with a cookie at the moment, and your former approach should incorporate the timed-out response, which requires reauthentication. The first step then would be to check like you were saying above:

Authenticate again when this happens.

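An added example (not code from this thread or from the Passbolt project) of the approach the last reply describes: treat the 403 CSRF error as the signal that the session timed out, run the login sequence again, and retry the request once. The login sequence itself and the HTTP transport are stubbed here so it runs offline, and the cookie/header names and the error-body shape are assumptions.

```python
"""Added example, not code from Passbolt or this thread: a client wrapper that
re-runs the login sequence when a write request returns the 403 CSRF error,
then retries once. Login is a caller-supplied callable and HTTP is stubbed, so
it runs offline; cookie/header names and the error-body shape are assumptions."""
from dataclasses import dataclass
from typing import Callable
CSRF_ERROR = ("CSRF token from either the request body or request headers "
              "did not match or is missing.")

@dataclass
class Session:
    session_cookie: str   # passbolt_session cookie value (assumed name)
    csrf_token: str       # csrfToken cookie value, echoed back as X-CSRF-Token

class PassboltClient:
    def __init__(self, transport: Callable, login: Callable[[], Session]):
        self.transport, self.login = transport, login   # transport(method, url, headers)
        self.session, self.relogins = login(), 0

    def _headers(self) -> dict:
        s = self.session
        return {"Cookie": f"passbolt_session={s.session_cookie}; csrfToken={s.csrf_token}",
                "X-CSRF-Token": s.csrf_token}  # must match the cookie on POST/PUT/DELETE

    def request(self, method: str, url: str) -> tuple:
        status, data = self.transport(method, url, self._headers())
        if status == 403 and data.get("header", {}).get("message") == CSRF_ERROR:
            self.session = self.login()        # session timed out: authenticate again
            self.relogins += 1
            status, data = self.transport(method, url, self._headers())
        return status, data

class FakeServer:
    """Constructed stand-in for the API: one live session at a time."""
    def __init__(self):
        self.live, self.issued = None, 0

    def login(self) -> Session:              # stands in for the full auth sequence
        self.issued += 1
        self.live = Session(f"sess{self.issued}", f"csrf{self.issued}")
        return self.live

    def expire(self):                        # simulate server-side session timeout
        self.live = None

    def handle(self, method, url, headers) -> tuple:
        ok = self.live is not None and headers.get("X-CSRF-Token") == self.live.csrf_token
        if method == "POST" and not ok:      # writes need a live session + matching token
            return 403, {"header": {"message": CSRF_ERROR, "url": url, "code": 403}}
        return 200, {"header": {"code": 200}, "body": {}}
```

As in the thread, a read such as the healthcheck still answers 200 after the session expires, so only the write's 403 triggers the re-login.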