Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hello,
We're trying to connect to the QRS API trough web browser using Ticket auth. To do it, we need to get the ticket (done) and pass the generated session cookie to every request we make. The problem comes when the cookie is in a different subdomain than our web application, because we can't get it.
The first solution we tried to implement was to add a stub file within our qlik server and load it inside an iframe of our application who could get the cookie and give back it's value through a window post message. The problem is that the cookie is protected (htmlonly) and we can't read it's value using javascript.
What else can we do to be able to connect to the QRS API? There is another way to get the cookie value or even to not to use it?
Hi,
a bit late to answer but maybe you or someone else can find some help in this.
It's unclear to me how you can get the X-Qlik-Session cookie from a different subdomain than your QRS is, and presumably that's where the whole Qlik Sense server is also located.
I'm no expert on creating Qlik cookies, but one way to circumvent your subdomain problem is to use a reverse proxy. This middle-server could act as a gateway to different subdomains. The browser should send it's cookies every time since it cannot see where the request is connected after the first step.
More on reverse proxy can be found here: https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/