How to identify the current logon session

[yamakawa]

Hi.

To perform logout, I call the API as follows

Code: Select all

#!/usr/bin/python3
import requests
import json

def delete_session(session_id):
  headers = {
    'X-RestSvcSessionId': session_id,
    'Accept': 'application/json'
  }
  url = 'https://<ip address>/api/logonSessions'
  res = requests.get(url, headers=headers, verify=False)
  
  data = json.loads(res.text)

There may be more than one LogonSessions.
If this happens, is there a way to identify my session?
I feel like I can identify them by decrypting the session_id with base64, is this the right way to do it?

Thank you for reading.
If anyone knows more about this, I'd like to hear your answer.

[oleg.feoktistov]

Hi @yamakawa,

The id of your current logon session is contained in the response you receive from /sessionMngr/?v=latest
endpoint upon login (Href property).
The workflow:

• Save the value of that Href property globally firsthand

• Query /logonSessions endpoint

• Filter received data by the session id you saved initially

• Construct new url with the current session id

• Send delete request to the corresponding url

So, if I were to use python to logout, I would do the following:

Code: Select all

url ='https://<EnterpriseManager>:9398/api/sessionMngr/?v=latest'
response = requests.post(url, headers=headers, verify=False)
data = json.loads(response.text)
current_session = data['Href']
current_session_id = re.search('........-....-....-....-............', current_session)
current_session_id = current_session_id.group(0)


def delete_logon_session():
  logon_sessions_url = 'https://<EnterpriseManager>:9398/api/logonSessions'
  token = response.cookies['X-RestSvcSessionId']
  headers = {
    'X-RestSvcSessionId': f'{token}',
    'Accept': 'application/json',
    'Content-Type': 'application/json'
  }
  logon_response = requests.get(logon_sessions_url, headers=headers, verify=False)
  data = json.loads(logon_response.text)
  logon_sessions = data['LogonSessions']
  for session in logon_sessions:
    session_id = session['SessionId']
    session_url = f'{logon_sessions_url}/{session_id}'
    if session_id == current_session_id:
      print(f' Deleting session with id: {session_id}')
      requests.delete(session_url, headers=headers, verify=False)

delete_logon_session()

Hope it helps,
Oleg

[chris.arceneaux]

I recommend the approach outlined by @oleg.feoktistov as well.

If you'd like to find your current session ID after you've already logged in, the below API call will also give you what you want:

• GET https://<Enterprise-Manager>:9398/api/logonSessions
  • Look at the very bottom of the response for your current session ID

[yamakawa]

@oleg.feoktistov, @chris.arceneaux

Thanks to your reply.

I didn't realize that the text (body) of the response holds the session ID when creating the login session.
(I was only looking at the response header.)

Question answered. Thank you.