Vtiger API extendsession returning authentication required

Question

I'm in the process of extending my Vtiger (V7) class to include all supported methods. I'm stuck on getting the extendsession call to work. According to the website I have to POST to:

http://vtiger_url/webservice.php?operation=extendsession

Every try fails with:

{
  "success": false,
  "error":
  {
    "code": "AUTHENTICATION_REQUIRED",
    "message": "Authencation required"
  }
}

This is my current code:

private const string UrlSegmentOperation = "webservice.php?operation=";
private const string OperationExtendSession = "extendsession";

RestClient client = new RestClient(baseUrl + UrlSegmentOperation + OperationExtendSession);
RestRequest request = new RestRequest(Method.POST);
IRestResponse restResponse = client.Execute(request);

So far I have tried GET, POST, with sessionname, username and both but still I get the same result.

Is it something that I may not have rights for? I'm supposed to have an ADMIN user and all other calls work flawlessly.

[Code is here](https://github.com/vtiger-crm/vtigercrm/blob/master/include/Webservices/ExtendSession.php). Do note the flaw, it checks for an authenticated user *and* checks the app key. So you also get this error if there is something wrong with the key. Pretty misleading. — Hans Passant, Aug 02 '18 at 13:39
Nice find, that explains the error. In my case the session variables aren't set because of the missing cookies as mentioned by @Nkosi — pritaeas, Aug 02 '18 at 14:01

Nkosi · Accepted Answer · 2018-08-02T11:30:04.467

According to linked docs.

Notice: if the user does a Extend Session then the session will be tied together, so logging out one(webservices or web client) will log the user out of the other as well. for extend session operation to work cookies must be enabled on the client browser.

(Emphasis mine)

Your new rest client would not be an already authenticated session as it does not include any cookies that were returned with the login response.

I would suggest have one client for the life time of the application for that endpoint, and also to have a shared cookie container to store any cookies that would have been returned from previous requests.

public static class Rest {
    static Lazy<RestClient> client = new Lazy<RestClient>(() => {
        var endpoint = "webservice.php";
        var endPointUrl = baseUrl + endpoint;    
        var client = new RestClient(endPointUrl);
        client.CookieContainer = new System.Net.CookieContainer();
        return client
    });

    public static RestClient Client {
        get {
            return client.Value;
        }
    }
}

By doing so, any cookies set or unset in responses will be used in subsequent requests.

The above would be used to make all requests to the web service. The cookies will be set when logging into the web service.

Including when making the call to extend the session.

private const string OperationExtendSession = "extendsession";    

var request = new RestRequest(Method.POST);
request.AddParameter("operation", OperationExtendSession);

IRestResponse restResponse = Rest.Client.Execute(request);

I missed the cookie part apparently. Since I don't have a regular application, keeping a static client is useless. I wonder if implementing the extendsession then even makes sense. — pritaeas, Aug 02 '18 at 11:34
@pritaeas You mentioned `extending my Vtiger (V7) class`. what then are you using to make the calls? — Nkosi, Aug 02 '18 at 11:39
It's a class implementing all Vtiger API functions. Although I might be able to implement extendsession with your suggested cookiecontainer (I will try your suggestion when I get the chance), it will be useless in my current use case. Currently, the class is instantiated, methods called and disposed of. — pritaeas, Aug 02 '18 at 11:49
@pritaeas but the underlying rest client and cookie container can remain to be available for reuse. — Nkosi, Aug 02 '18 at 11:51
Not im my current scenario, the process it is in is also closed and restarted (scheduled task so to speak). I'll build a regular application to test your code, am positive that would work. — pritaeas, Aug 02 '18 at 11:55

Vtiger API extendsession returning authentication required

1 Answers1