Sessions API

The session API provides a way for clients to manage Fusion sessions and cookies. When a client successfully authenticates, Fusion will create a unique identifier for the session. This identifier becomes the session key and is mapped to the client. The authentication response contains an HTTP cookie, which is typically stored by the client for later use. By sending this cookie back to Fusion, a client can securely access Fusion without having to re-authenticate.

By default, sessions time out after 1 hour of no activity. A default maximum limit of 8 hours ensures that sessions are cleared, regardless of activity. Once a session times out, clients must re-authenticate to receive a new session cookie.

The following properties control session timeouts:

  • com.lucidworks.apollo.admin.session.timeout - maximum timeout in seconds

  • com.lucidworks.apollo.admin.session.idle.timeout - "no activity" timeout in seconds

Create a Session

The path for this request is:

/api/session?realmName=<realmName>

where the query parameter realmName takes as its value the name of a realm to authenticate against.

Input

Parameter Description

username
Required

The username to use in authentication.

password
Required

The password to use in authentication.

Output

The output will include a cookie ID in the HTTP response header. This can be saved to a file and re-used with subsequent REST API requests.

Examples

Note
Use port 8765 in local development environments only. In production, use port 8764.

Create a session against an LDAP server and store it in a file named 'cookies':

REQUEST

curl -c cookies -i -H "content-type:application/json" -X POST -d '{"username":"myUser", "password":"myPassword"}' http://localhost:8764/api/session?realmName=myLDAP

RESPONSE

HTTP/1.1 201 Created
Set-Cookie: id=840a33d4-b650-49f2-87a4-85412e99b37c;HttpOnly;Path=/api
Content-Length: 0
Server: Jetty(9.1.4.v20140401)
Note
In this case, we got a response because we set curl to include the HTTP in the output. Otherwise, we would not know for sure the session was created.

Use the cookie in another cURL request to see all collections:

curl -b cookies http://localhost:8764/api/collections