0

I am using Spring-boot, and i want to make API calls since i am building a single page application. Spring boot provides a session id on every page header as "Auth-x-token" when a page is served (if you have configured Spring session in your app). I am confused now cause i want to send this ID back to the server so it can know the user in session. Please how can this be achieved.

Eshiett Oto-obong
  • 410
  • 1
  • 3
  • 14

1 Answers1

0

First, note that the X-Auth-Token is a custom/proprietary HTTP header. The way it works is - this contains the session id and so it can be used very similarly to how you'd use that.

Simply put, you'll send this header with your request so that you don't have to provide your credentials for that request. You can read more about it here.

Eugen
  • 8,523
  • 8
  • 52
  • 74
  • my question is since the X-Auth-Token contains the session ID, each subsequent request from the user will need the ID to know the user in session. "How will i be transferring the session ID from the client (after i get the X-Auth-Token in the header on my page) to the server, so the server can know the user in session – Eshiett Oto-obong Sep 10 '17 at 14:22
  • In each subsequent request, you'll be sending this token, via this header. – Eugen Sep 11 '17 at 15:00
  • are you saying at every rest-api call i should create an x-auth-token header and place the session ID inside and if yes. how do i get the X-auth-token value from the header of my initial server request. cause i heard java script cant get a header from an already rendered page. – Eshiett Oto-obong Sep 11 '17 at 15:28
  • Not "create". On every call from your client, you need to send this token, just as you'd do with a session, or - in OAuth - with the Bearer token. – Eugen Sep 13 '17 at 06:47
  • what i did was to send the sessin id from the server to the client and store it in a cookie for subsequent requests...will this be correct – Eshiett Oto-obong Sep 13 '17 at 10:46
  • @Eugen Can you please help me on https://stackoverflow.com/questions/48806722/can-i-append-some-information-in-oauth-check-token-endpoint-and-retrieve-it-at-a –  Feb 25 '18 at 19:13