Accessing apis with cookie session

shahaba year ago

Hello, i am not been able to access apis (get a list of devices) with only session id, i am getting 401 unauthorized error. I think we should be able to access with session cookie. Let me know if thats the case or there is something else

Anton Tananaeva year ago

You should be able to access with a session cookie, assuming the session is authenticated and you're doing everything correctly.

shahaba year ago

i am using custom frontend and instead of proxying the request, i am just calling the api end point, also my frontend is on different server than traccar

Anton Tananaeva year ago

Then how are you making sure that the cookie is included?

shahaba year ago

UPDATE:
after post session api i am getting session cookie but when i am using any other api after that (devices,users), those are blocked because cookie is not been sent in the request.
I am using fetch with credential:'include' option but still cookie is not been sent in the request.
Later on investigation i came to know about that while sending cookie server is not adding attribute of samesite=none due to which chrome is blocking and not seting cookie
https://ibb.co/7k8PB49
Let me know how can i fix this or there is something i misunderstood

Anton Tananaeva year ago

That's why I always recommend proxying your API requests.

shahaba year ago

But Even after proxing request, the same-site is issue is not resolve as i cannot host frontend and backend on the same server, and due to chrome recent update which takes session cookie without same-site attribute as LAX.

Anton Tananaeva year ago

What? Proxy solves exactly that issue.