REST API knowledge exchange
Post Reply
yamakawa
Novice
Posts: 8
Liked: never
Joined: Oct 02, 2020 7:11 am
Contact:
Contact yamakawa

How to identify the current logon session

Post by yamakawa »

Hi.

To perform logout, I call the API as follows

Code: Select all

#!/usr/bin/python3
import requests
import json

def delete_session(session_id):
  headers = {
    'X-RestSvcSessionId': session_id,
    'Accept': 'application/json'
  }
  url = 'https://<ip address>/api/logonSessions'
  res = requests.get(url, headers=headers, verify=False)
  
  data = json.loads(res.text)
There may be more than one LogonSessions.
If this happens, is there a way to identify my session?
I feel like I can identify them by decrypting the session_id with base64, is this the right way to do it?

Thank you for reading.
If anyone knows more about this, I'd like to hear your answer.
Top
oleg.feoktistov
Veeam Software
Posts: 2010
Liked: 670 times
Joined: Sep 25, 2019 10:32 am
Full Name: Oleg Feoktistov
Contact:
Contact oleg.feoktistov

Re: How to identify the current logon session

Post by oleg.feoktistov »

Hi @yamakawa,

The id of your current logon session is contained in the response you receive from /sessionMngr/?v=latest
endpoint upon login (Href property).
The workflow:
  • Save the value of that Href property globally firsthand
  • Query /logonSessions endpoint
  • Filter received data by the session id you saved initially
  • Construct new url with the current session id
  • Send delete request to the corresponding url
So, if I were to use python to logout, I would do the following:

Code: Select all

url ='https://<EnterpriseManager>:9398/api/sessionMngr/?v=latest'
response = requests.post(url, headers=headers, verify=False)
data = json.loads(response.text)
current_session = data['Href']
current_session_id = re.search('........-....-....-....-............', current_session)
current_session_id = current_session_id.group(0)


def delete_logon_session():
  logon_sessions_url = 'https://<EnterpriseManager>:9398/api/logonSessions'
  token = response.cookies['X-RestSvcSessionId']
  headers = {
    'X-RestSvcSessionId': f'{token}',
    'Accept': 'application/json',
    'Content-Type': 'application/json'
  }
  logon_response = requests.get(logon_sessions_url, headers=headers, verify=False)
  data = json.loads(logon_response.text)
  logon_sessions = data['LogonSessions']
  for session in logon_sessions:
    session_id = session['SessionId']
    session_url = f'{logon_sessions_url}/{session_id}'
    if session_id == current_session_id:
      print(f' Deleting session with id: {session_id}')
      requests.delete(session_url, headers=headers, verify=False)

delete_logon_session()
Hope it helps,
Oleg
Top
chris.arceneaux
VeeaMVP
Posts: 695
Liked: 374 times
Joined: Jun 24, 2019 1:39 pm
Full Name: Chris Arceneaux
Location: Georgia, USA
Contact:
Contact chris.arceneaux

Re: How to identify the current logon session

Post by chris.arceneaux »

I recommend the approach outlined by @oleg.feoktistov as well.

If you'd like to find your current session ID after you've already logged in, the below API call will also give you what you want:
Top
yamakawa
Novice
Posts: 8
Liked: never
Joined: Oct 02, 2020 7:11 am
Contact:
Contact yamakawa

Re: How to identify the current logon session

Post by yamakawa »

@oleg.feoktistov, @chris.arceneaux

Thanks to your reply.

I didn't realize that the text (body) of the response holds the session ID when creating the login session.
(I was only looking at the response header.)

Question answered. Thank you.
Top
Post Reply

Return to “REST API”



Who is online

Users browsing this forum: No registered users and 1 guest