cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Visit the PTCooler (the community lounge) to get to know your fellow community members and check out some of Dale's Friday Humor posts! X

Authentication issues with appKey in HTTP session, alternating

dwightwhe
1-Newbie

Authentication issues with appKey in HTTP session, alternating

Hi,

not sure if this is a known issue or even an issue at all, but I observe the following behavior when working in a HTTP session when using an appKey only, e.g. when accessing the REST API and not logging in.

E.g. open a Chrome incognito window. Paste in a URL with an appKey

The first time this call returns the desired result. The second time (hit Ctrl-R or refresh), I get an error page:

"HTTP Status 401 - No authType or appKey parameter has been specified for Authentication Scheme: AUTH_THINGWORX_APPKEY"

Another Ctrl-R refresh brings back the normal call result and the next one again the error. It alternates.

The same alternating errors occur from within my http client library that I use to access the REST API when I use sessions. This basically requires that I cannot use the session capability and must create a new request every single call. Also happens in a normal browser window when not doing password authentication.

After password authentication with ThingWorks, it works fine in normal browser windows.

Is this intended or an issue?

Thanks!

4 REPLIES 4

Hi Dwight,
Do you also use the x-thingworx-session=true in the url?
I had this behaviour when not using this url parameter set to true.

BR,
Vladimir



Thanks Vladimir,

this solves it.
Best

Hi,

With the option "x-thingworx-session=true", a session will be created. Does it mean that the user has to logout before wanting to login with another user ?

Regards,

mhollenbach
5-Regular Member
(To:qn)

If the user does not logout, their session will remain active until the Tomcat session timeout property has been met. The default value is 30 minutes, but the User will be able to create as many active sessions as they want. You can test this by opening your browser in Incognito Mode.

Meghan

Top Tags