Qlik Community

Ask a Question

Qlik Sense Integration, Extensions, & APIs

Discussion board where members can learn more about Integration, Extensions and API’s for Qlik Sense.

Welcome to our newly redesigned Qlik Community! Read our blog to learn about all the new updates: READ BLOG and REPORTED ISSUES
Showing results for 
Search instead for 
Did you mean: 

session cookie is not working when using header authentication with virtual proxy

We have Qlik Sense September 2019 - 13.42.1

We are trying to access qlik from our company mobile app 

from qlik side, we added a virtual proxy and set the authentication method as "header authentication static user directory"

when accessing qlik 

curl -I -k -c cookie.txt "https://<qlik base usrl>/<virtual proxy>/hub/my/work" -H "<header-name>: userid"

receiving success response 

HTTP/1.1 200 OK
Set-Cookie: X-Qlik-Session-prefix={23DA935C-D834-43BA-AA16-9F1ADCB88879}:17652123-3146-41d7-ae63-7cf8271a0295; Path=/; HttpOnly; Secure

when trying from mobile browser or from curl passing same received cookie in other following requests, qlik respond "Could not authenticate the request: Expected an authentication header", while same session cookie is set in the request

curl 'https://<qlik base usrl>/<virtual proxy>/hub/stream/e7a976fd-eff3-426f-ad88-12c97bd6d22d' \
-H 'Connection: keep-alive' \
-H 'Pragma: no-cache' \
-H 'Cache-Control: no-cache' \
-H 'Upgrade-Insecure-Requests: 1' \
-H 'User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1' \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
-H 'Sec-Fetch-Site: none' \
-H 'Sec-Fetch-Mode: navigate' \
-H 'Sec-Fetch-User: ?1' \
-H 'Sec-Fetch-Dest: document' \
-H 'Accept-Language: en-US,en;q=0.9,ar;q=0.8' \
-H 'Cookie: X-Qlik-Session-<prefix>={23DA935C-D834-43BA-AA16-9F1ADCB88879}:17652123-3146-41d7-ae63-7cf8271a0295' \
--compressed \

The only way to make it work by forcing browser to pass  user header in all  requests, which is not logic

Can you please help?

2 Replies

I am seeing the same issue. did you find a fix?


no, I didn't find a solution till know