Hi I am trying to use firefox poster plugin to test my entity security access. However I keep getting a message saying: {"result":"Invalid session, please login"} I have put the url as: http://localhost:8080/xas/ I have my content type as:application/json; charset=UTF-8 My content as: {"action":"retrievebyxpath","params":{"xpath":"//AuditTrail.LogLine","schema":{},"count":false,"aggregates":false}} I then have my 3 headers with the correct cookie information: XASSESSIONID EXTENDCOOKIE XASID Is there anything else that i have missed? Because it keeps saying invalid session when I know it is a valid session. Thanks
asked
Simon Black
1 answers
2
You must set not only the XASSESSIONID, EXTENDCOOKIE and XASID as headers but also the X-Csrf-Token and X-Mx-ReqToken headers. This is to prevent cross site request forgery.