HTTP-Request "Session Expired"

Team, this ties into my original request but is different so I am creating a new topic. Still working at this temporary middleware app to do a couple of functions using the HTTP-Request node and I've hit a new roadblock. I can login and logoff with the session cookie without any issue but any request in between fails with "session expired" regardless of passing the cookie. I believe it is something on their end but I could be mistaken on how I am using the http request nodes. Here is the basics of the flow and the results.

HTTP-Request node using their format.
Function to modify the response (thanks to Steve-Mcl and UnborN, your help has been paramount).

msg.headers = msg.headers || {}; //Set headers to an object
msg.headers["cookie"] = msg.headers["set-cookie"] //Copy set-cookie to cookies
//delete msg.payload //clear any payloads so as not to clog up the calls

let avcookie = ""
let session = ""
let ts = ""
let newMsg = {}  // clean new msg

// filter cookies from previous reply 
msg.headers["cookie"].forEach(el => {

    if (el.startsWith("AV-Cookie=")) avcookie = el.split(";")[0]
    if (el.startsWith("session=")) session = el.split(";")[0]
    if (el.startsWith("TS01a6bd37=")) ts = el.split(";")[0]
})

newMsg.headers = {
    "Cookie": `${avcookie}; ${session}; ${ts};`,
    "Accept": "application/json",
    "accept-encoding": "gzip,deflate",
    "cache-control": "no-cache",
    "Content-Type": "application/json",
    "keep-alive": "timeout=5"
}
delete msg.headers["set-cookie"]
return newMsg;

Login Response:

{"_msgid":"19420943d2f7ef97","payload":{"version":"7.44.0","session":"E2000151-BCD1-4FB3-9862-C6CA97A5127F"},"topic":"","headers":{"cache-control":"no-cache","keep-alive":"timeout=5","content-type":"application/json; charset=utf-8","set-cookie":["session=E2000151-BCD1-4FB3-9862-C6CA97A5127F; Secure; HttpOnly; Path=/;samesite=none","AV-Cookie=!SVH2Nt0TMwcMCdIueq1NBsctUyzZDof5XhhYNa0W5sE9LiOPnxaimswFb8Q+cpaSAhFkIhPxCn/2NA==; path=/; Httponly; Secure;samesite=none","TS01a6bd37=01cf42f8a62a247b9b656ddc9ff3a2a88050c1db49be73e690bb5d657a0b7552291d5285b6f78e10dfc9803b88462ad9cac3a9434f6c5cea7e34e6d6c80c3e97ad622af08c78aee27781357eb01d345405a8880dfe; Path=/; Secure; HTTPOnly;samesite=none"],"date":"Mon, 28 Feb 2022 05:09:47 GMT","content-length":"69","x-frame-options":"SAMEORIGIN","x-xss-protection":"1; mode=block","x-content-type-options":"nosniff","content-security-policy":"script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*; object-src 'self'","strict-transport-security":"max-age=16070400; includeSubDomains","vary":"Accept-Encoding"},"statusCode":200}

Lookup Request:

{"headers":{"Cookie":"AV-Cookie=!SVH2Nt0TMwcMCdIueq1NBsctUyzZDof5XhhYNa0W5sE9LiOPnxaimswFb8Q+cpaSAhFkIhPxCn/2NA==; session=E2000151-BCD1-4FB3-9862-C6CA97A5127F; TS01a6bd37=01cf42f8a62a247b9b656ddc9ff3a2a88050c1db49be73e690bb5d657a0b7552291d5285b6f78e10dfc9803b88462ad9cac3a9434f6c5cea7e34e6d6c80c3e97ad622af08c78aee27781357eb01d345405a8880dfe;","Accept":"application/json","accept-encoding":"gzip,deflate","cache-control":"no-cache","Content-Type":"application/json","keep-alive":"timeout=5"},"_msgid":"19420943d2f7ef97","payload":{"set":{"Search::object":"ts_ticket","Search::search_history_type":"","Search::page_size":10000,"Search::extract_max_rows":10000,"Query::max_rows":"","Query::current_page":1,"Query":{"ResultMember":{"+1":{"name":"Performance.performance_short_description","order":"1"},"+2":{"name":"Performance.performance_name","order":"2"},"+3":{"name":"Performance.performance_start_date","order":"3"},"+6":{"name":"Performance.performance_id","order":"6"}},"Clause":{"+1":{"name":"Performance.performance_start_date","type":"matchCondition","oper":">=","value":"+0D"},"+2":{"name":"Performance.performance_start_date","type":"matchCondition","oper":"<=","value":"+1D"}}}},"actions":[{"method":"search","acceptWarnings":[4276]}],"get":["Result","Query::current_page","Query::total_records"]}}

Response to lookup:

{"headers":{"cache-control":"no-cache","keep-alive":"timeout=5","content-type":"application/json; charset=utf-8","set-cookie":["session=; Secure; HttpOnly; SameSite=Strict; Path=/","AV-Desktop=!NdW/dWEqUZ/apBIueq1NBsctUyzZDqc14Vw2mWA0gbE3Efob3dKr82OaFp2rhxftryfC1A7+xTZuSx8=; path=/; Httponly; Secure"],"x-powered-by":"ARR/3.0","date":"Mon, 28 Feb 2022 05:09:47 GMT","content-length":"65","x-frame-options":"SAMEORIGIN","x-xss-protection":"1; mode=block","x-content-type-options":"nosniff","content-security-policy":"script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*; object-src 'self'","strict-transport-security":"max-age=16070400; includeSubDomains","vary":"Accept-Encoding"},"_msgid":"19420943d2f7ef97","payload":{"version":"7.44.0","errorCode":"99","message":"Session Expired"},"statusCode":200}

Time Delayed Logoff result using the same function node:

{"headers":{"cache-control":"no-cache","keep-alive":"timeout=5","content-type":"application/json; charset=utf-8","set-cookie":["session=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; HttpOnly; Path=/;samesite=none","TS01a6bd37=01cf42f8a663b5ba0e06f595bb0fd04eac86b01e76be73e690bb5d657a0b7552291d5285b6f78e10dfc9803b88462ad9cac3a9434f1ce993bb814f63d1567c073b24f91939834359401c3d3d8726a78c832e2ba32f; Path=/; Secure; HTTPOnly;samesite=none"],"date":"Mon, 28 Feb 2022 05:09:49 GMT","content-length":"69","x-frame-options":"SAMEORIGIN","x-xss-protection":"1; mode=block","x-content-type-options":"nosniff","content-security-policy":"script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*; object-src 'self'","strict-transport-security":"max-age=16070400; includeSubDomains","vary":"Accept-Encoding"},"_msgid":"19420943d2f7ef97","payload":{"version":"7.44.0","session":"E2000151-BCD1-4FB3-9862-C6CA97A5127F"},"statusCode":200}

Clearly you can see it is using the session cookie. I have a support request into the provider as to what else could be causing it. I suspect it might be a "maxage" issue or something but I'm not certain. I'm still in the same boat with Postman working just fine. All of my tracking of the transactions matches up the headers and cookies. The only thing I can see different is postman generating it's own cookie across the transactions. Could it be possible that I need to unify my requests using an additional generated session cookie specific to node? Thanks for looking.

This was resolved in another topic and by my own oversight. Link to the other thread below.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.