# Sessions API


The Sessions API provides a way for clients to manage Fusion sessions and cookies. When a client successfully authenticates, Fusion will create a unique identifier for the session. This identifier becomes the session key and is mapped to the client. The authentication response contains an HTTP cookie, which is typically stored by the client for later use. By sending this cookie back to Fusion, a client can securely access Fusion without having to re-authenticate.

By default, sessions time out after 1 hour of no activity. A default maximum limit of 8 hours ensures that sessions are cleared, regardless of activity. Once a session times out, clients must re-authenticate to receive a new session cookie.

The following properties control session timeouts ***in seconds***:

* `com.lucidworks.apollo.admin.session.timeout` - Maximum amount of time before a session, active or otherwise, expires.
* `com.lucidworks.apollo.admin.session.idle.timeout` - Maximum amount of time before an idle session expires.

To set these values for the Fusion proxy, please edit `fusion.properties` and add them to the `proxy.jvmOptions` variable. Each value must be added with a `-D` prefix. For example, to set the session timeout to 4 hours and the idle timeout to 10 minutes, use the following:

```
proxy.jvmOptions = -Xmx512m -Dcom.lucidworks.apollo.admin.session.timeout=14400 -Dcom.lucidworks.apollo.admin.session.idle.timeout=600
```
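The timeout values are easy to get wrong because they are given in seconds and the two limits interact. The following added example (not Lucidworks code) reads both properties from a `fusion.properties` file, falls back to the defaults stated above, and flags an idle timeout that is longer than the maximum lifetime. The function names `jvm_opt` and `check_timeouts` are this example's own.

```shell
#!/bin/sh
# Added example (not Lucidworks code): audit the session timeouts that
# fusion.properties passes to the proxy. Defaults are those stated above.
DEFAULT_MAX=28800    # 8 hours, maximum session lifetime (seconds)
DEFAULT_IDLE=3600    # 1 hour, idle timeout (seconds)

# Print the value of -D<property>=<value> from the proxy.jvmOptions line on
# stdin, or <default> when the option is absent.
jvm_opt() {  # usage: jvm_opt <property> <default> < fusion.properties
  awk -v key="-D$1=" -v def="$2" '
    sub(/^[ \t]*proxy\.jvmOptions[ \t]*=[ \t]*/, "") {
      for (i = 1; i <= NF; i++)
        if (index($i, key) == 1) val = substr($i, length(key) + 1)
    }
    END { print (val == "" ? def : val) }'
}

# Report the effective limits. Returns 1 when the idle timeout is longer than
# the maximum lifetime (it could then never fire), 2 on a non-numeric value.
check_timeouts() {  # usage: check_timeouts <path to fusion.properties>
  max=$(jvm_opt com.lucidworks.apollo.admin.session.timeout "$DEFAULT_MAX" < "$1")
  idle=$(jvm_opt com.lucidworks.apollo.admin.session.idle.timeout "$DEFAULT_IDLE" < "$1")
  case "$max$idle" in
    *[!0-9]*) echo "ERROR non-numeric timeout: max=$max idle=$idle"; return 2 ;;
  esac
  if [ "$idle" -gt "$max" ]; then
    echo "WARN idle=${idle}s exceeds max=${max}s"
    return 1
  fi
  echo "OK max=${max}s ($(($max / 3600))h $(($max % 3600 / 60))m)" \
       "idle=${idle}s ($(($idle / 60))m)"
}

# Constructed sample input: the proxy.jvmOptions line from the example above.
demo=$(mktemp)
cat > "$demo" <<'EOF'
proxy.jvmOptions = -Xmx512m -Dcom.lucidworks.apollo.admin.session.timeout=14400 -Dcom.lucidworks.apollo.admin.session.idle.timeout=600
EOF
check_timeouts "$demo"   # prints the effective limits
rm -f "$demo"
```

Setting only the maximum lifetime below one hour trips the warning, because the idle timeout then stays at its 1 hour default.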

## Create a Session

The path for this request is:

`/api/session?realmName=<realmName>`

where the query parameter *realmName* takes as its value the name of a realm to authenticate against.

<Note>
  In order to see this object within the [Fusion UI](/docs/4/fusion-server/concepts/object-explorer), it **must** be associated with an app. To do this, create the object using the `/apps` endpoint.
</Note>

### Input

| Parameter                  | Description                            |
| -------------------------- | -------------------------------------- |
| username  <br />*Required* | The username to use in authentication. |
| password  <br />*Required* | The password to use in authentication. |

### Output

The output will include a cookie ID in the HTTP response header. This can be saved to a file and re-used with subsequent REST API requests.

### Examples

*Create a session against an LDAP server and store it in a file named 'cookies':*

**REQUEST**

```bash
curl -c cookies -i -H "content-type:application/json" -X POST -d '{"username":"USERNAME", "password":"PASSWORD"}' 'https://FUSION_HOST:8764/api/session?realmName=REALM_NAME'
```

**RESPONSE**

```http
http/1.1 201 Created
Set-Cookie: id=840a33d4-b650-49f2-87a4-85412e99b37c;HttpOnly;Path=/api
Content-Length: 0
Server: Jetty(9.1.4.v20140401)
```

<Note>
  In this case, we got a response because we passed `-i` to `curl`, which includes the HTTP response headers in the output. Otherwise, we would not know for sure the session was created.
</Note>

*Use the cookie in another cURL request to see all collections:*

```bash
curl -b cookies https://FUSION_HOST:8764/api/collections
```
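The sample response above sets `HttpOnly` and `Path` on the session cookie. As an added example (not part of the Fusion documentation), this shell function reports which of `Secure`, `HttpOnly` and `SameSite` are absent from each `Set-Cookie` header and prints only the cookie name, never the session ID. The function names and the choice of attributes to check are this example's own.

```shell
#!/bin/sh
# Added example: list the security attributes missing from each Set-Cookie
# header in an HTTP response read from stdin (for instance `curl -i` output).
missing_cookie_attrs() {
  tr -d '\r' | awk '
    tolower($0) ~ /^set-cookie:/ {
      line = $0
      sub(/^[^:]*:[ \t]*/, "", line)         # drop the header name
      n = split(line, part, ";")
      name = part[1]; sub(/=.*/, "", name)    # keep the cookie name only
      has["secure"] = has["httponly"] = has["samesite"] = 0
      for (i = 2; i <= n; i++) {
        attr = tolower(part[i])
        gsub(/^[ \t]+|[ \t]+$/, "", attr)    # trim surrounding whitespace
        sub(/=.*/, "", attr)                  # SameSite=Strict -> samesite
        if (attr in has) has[attr] = 1
      }
      out = ""
      if (!has["secure"])   out = out " Secure"
      if (!has["httponly"]) out = out " HttpOnly"
      if (!has["samesite"]) out = out " SameSite"
      print name ":" (out == "" ? " ok" : " missing" out)
    }'
}

# Constructed sample input: the response shown above, with CRLF line endings.
sample_response() {
  printf '%s\r\n' 'http/1.1 201 Created' \
    'Set-Cookie: id=840a33d4-b650-49f2-87a4-85412e99b37c;HttpOnly;Path=/api' \
    'Content-Length: 0'
}

sample_response | missing_cookie_attrs
```

Pipe the output of the `curl -i` request above into `missing_cookie_attrs` to check what your own deployment returns.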

## View Session Details

To view session details, including the current user record, all roles directly assigned to that user, and all roles inherited from the realm by that user, use the following path for the request:

`/api/session`

### Examples

**REQUEST**

```bash
curl 'https://FUSION_HOST:8764/api/session' -H 'Cookie: id=416925d6-6d26-4afd-b31d-ced61714d287'
```

**RESPONSE**

```json
{
  "user": {
    "id": "abc123",
    "username": "foo"
  },
  "roles": [
    {"name": "bar"}
  ]
}
```

## End a Session

The path for this request is:

`/api/session`

### Examples

Sessions can be ended automatically in the Fusion UI by clicking **Account Settings > Log out**.
