Session api doesn't set JSESSIONID automatically in browser cookies
Browser should set cookie automatically. If it doesn't, there is probably something wrong with your browser or maybe you are doing something wrong.
Token in part of user model.
If my browser doesn't save cookie (maybe some ajax request issue), can I send the same cookie (JSESSIONID=somestring) in other apis' request headers to make it work? If yes, in what header should I send it?
It should be in cookie header.
When I tried to send it using JS xmlHttpRequest, it didn't allow me to send. Is it browser security policy?
Probably. I think this is not the right place to ask those questions. It seems like you have some problems with your JavaScript that are not caused by server side. I would recommend asking on StackOverflow.
Okay. Thank you very much.
When I login using POST session api using email and password, it logs in successfully. Then I change the browser location to home page and call other api for devices. But now I get 401 error. This means session is not created. Now I have 2 questions:
Question 1: I read some other topics here and answers on github, which say you have to set JSESSIONID manually. Doesn't it set it automatically?
Question 2: In your GET session api, you've mentioned "token" query parameter. Where can I read about this token? What is it? How do I get it to get the session?