How do I obtain the user's session ID in AM 5.x when browser cookies are disabled?
The purpose of this article is provide information on obtaining a user's session ID in AM when browser cookies are disabled. You can only achieve this when you are using AM in conjunction with Web Agents 4.x.
2 readers recommend this article
Archived
This article has been archived and is no longer maintained by ForgeRock.
Obtaining the user's session ID
The standard AM login page can only deliver the user's session ID in a Set-Cookie header. If your clients do not support browser cookies, you must use a different authentication interface instead, such as the REST API.
The agents are capable of extracting the session ID from the URL itself if you set it as a query parameter, for example:
agent.example.com/index.jsp?iPlanetDirectoryPro=<sessionid>However, using a query parameter like this can result in your session IDs being logged in your access logs, which is not secure. Therefore, although possible to obtain the session ID when browser cookies are disabled, it is recommended that you do use cookies for the session ID.
See Also
Authentication and Single Sign-On Guide › About Single Sign-On
Related Training
N/A
Related Issue Tracker IDs
AMAGENTS-4245 (RFE: Allow customers to pass an auth cookie as a URL parameter)