topic session cookie is not working when using header authentication with virtual proxy in Integration, Extension & APIs

session cookie is not working when using header authentication with virtual proxy

abadreamer — Sat, 16 Nov 2024 01:32:00 GMT

We have Qlik Sense September 2019 - 13.42.1

We are trying to access qlik from our company mobile app

from qlik side, we added a virtual proxy and set the authentication method as "header authentication static user directory"

when accessing qlik

curl -I -k -c cookie.txt "https://<qlik base usrl>/<virtual proxy>/hub/my/work" -H "<header-name>: userid"

receiving success response

HTTP/1.1 200 OK
Set-Cookie: X-Qlik-Session-prefix={23DA935C-D834-43BA-AA16-9F1ADCB88879}:17652123-3146-41d7-ae63-7cf8271a0295; Path=/; HttpOnly; Secure

when trying from mobile browser or from curl passing same received cookie in other following requests, qlik respond "Could not authenticate the request: Expected an authentication header", while same session cookie is set in the request

curl 'https://<qlik base usrl>/<virtual proxy>/hub/stream/e7a976fd-eff3-426f-ad88-12c97bd6d22d' \
-H 'Connection: keep-alive' \
-H 'Pragma: no-cache' \
-H 'Cache-Control: no-cache' \
-H 'Upgrade-Insecure-Requests: 1' \
-H 'User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1' \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
-H 'Sec-Fetch-Site: none' \
-H 'Sec-Fetch-Mode: navigate' \
-H 'Sec-Fetch-User: ?1' \
-H 'Sec-Fetch-Dest: document' \
-H 'Accept-Language: en-US,en;q=0.9,ar;q=0.8' \
-H 'Cookie: X-Qlik-Session-<prefix>={23DA935C-D834-43BA-AA16-9F1ADCB88879}:17652123-3146-41d7-ae63-7cf8271a0295' \
--compressed \

The only way to make it work by forcing browser to pass user header in all requests, which is not logic

Can you please help?

Re: session cookie is not working when using header authentication with virtual proxy

mm_mercer — Fri, 11 Dec 2020 13:07:31 GMT

I am seeing the same issue. did you find a fix?

Re: session cookie is not working when using header authentication with virtual proxy

abadreamer — Sun, 13 Dec 2020 16:22:51 GMT

no, I didn't find a solution till know

Re: session cookie is not working when using header authentication with virtual proxy

ohenrichs — Thu, 18 Jul 2024 14:37:04 GMT

To whom it may concern: The cookie seems irrelevant for the auth method 'Header authentication dynamic user directory'.

Opening a Websocket is done by setting the 'Header authentication header name' to the '$ud $id'- combination configured in the "header authentication dynamic user directory".

e.g. if

"Header authentication header name" is set to 'test-user',
"header authentication dynamic user directory" is set to '$ud@$id'
and a user has user directory 'TEST' and username 'testuser',

then setting the parameters

{ "test-user": "TEST@testuser" }

just works. It also attaches existing sessions on other machines.