How To

How do I obtain the user's session ID in AM 5.x when browser cookies are disabled?

Last updated Jan 10, 2023

The purpose of this article is provide information on obtaining a user's session ID in AM when browser cookies are disabled. You can only achieve this when you are using AM in conjunction with Web Agents 4.x.

2 readers recommend this article

This article has been archived and is no longer maintained by ForgeRock.

Obtaining the user's session ID

The standard AM login page can only deliver the user's session ID in a Set-Cookie header. If your clients do not support browser cookies, you must use a different authentication interface instead, such as the REST API.

The agents are capable of extracting the session ID from the URL itself if you set it as a query parameter, for example:<sessionid>

However, using a query parameter like this can result in your session IDs being logged in your access logs, which is not secure. Therefore, although possible to obtain the session ID when browser cookies are disabled, it is recommended that you do use cookies for the session ID.

See Also

FAQ: Cookies in AM

Authentication and Single Sign-On Guide › About Single Sign-On

Development Guide › Developing with the REST API

Related Training


Related Issue Tracker IDs

AMAGENTS-4245 (RFE: Allow customers to pass an auth cookie as a URL parameter)

Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.