What is the use of cookies in REST API?

The main purpose is to capture the cookies a REST API response gives you and send them back with the request each time you call the API. This matters mainly when the production server sits behind multiple load balancers and the cookies are needed to identify which balancer the user is currently on.

Can an API set a cookie?

Yes, it is. As mentioned in the question, one of the response headers is ‘set-cookie’. In my case, the cookie isn’t set at all even though there’s a set-cookie header from the response.

Do Web services use cookies?

A web service may need to store client-specific information between different requests or sessions. This data may include a username, goods added to the shopping cart, customization, and so on. The server puts this information to cookies and sends them to a client.

Why are cookies not allowed in a REST API?

However, cookies should not be used by a REST API if they are meant to maintain a client session on the server, such as a Session Token. This would violate the statelessness of the REST endpoint, as the server is required to know the state of each client in order to provide them with the requested resources.

How does the cookie work in the Jira REST API?

The client creates a new session for the user, via the Jira REST API. Jira returns a session object, which has information about the session including the session cookie. The client stores this session object. The client can now set the cookie in the header for all subsequent requests to the Jira REST API.

What happens if you use REST with an expired cookie?

If you use REST with a cookie that has expired, you will receive a 401 error response from Jira. The response body will contain a message telling you that your cookie is invalid. At that point, you will need to re-authenticate to the session resource on the “auth” API.
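The session flow and the 401 handling described in the two answers above, as an added example that is not Jira's or the original page's code. The `/rest/auth/1/session` path, the `JSESSIONID` cookie name, the credentials and the `FakeJira` stand-in server are assumptions constructed so the sketch runs offline. The client re-authenticates only once per request, so a rejected login cannot turn into a retry loop.

```python
SESSION_PATH = "/rest/auth/1/session"  # assumed path of the session resource


class FakeJira:
    """Constructed stand-in for the server; not Jira code."""

    def __init__(self):
        self.valid, self.logins = set(), 0

    def handle(self, method, path, headers, body=None):
        if method == "POST" and path == SESSION_PATH:
            if body != {"username": "alice", "password": "constructed-pw"}:
                return 401, {"errorMessages": ["login failed"]}
            self.logins += 1
            value = f"sess-{self.logins}"
            self.valid.add(value)
            return 200, {"session": {"name": "JSESSIONID", "value": value}}
        name, _, value = headers.get("Cookie", "").partition("=")
        if name != "JSESSIONID" or value not in self.valid:
            return 401, {"errorMessages": ["session cookie is invalid"]}
        return 200, {"path": path}


class SessionClient:
    """Stores the session cookie and re-authenticates once on a 401."""

    def __init__(self, send, username, password):
        self._send = send
        self._creds = {"username": username, "password": password}
        self._cookie = None

    def login(self):
        status, body = self._send("POST", SESSION_PATH, {}, self._creds)
        if status != 200:
            raise PermissionError("authentication failed")
        session = body["session"]
        self._cookie = f'{session["name"]}={session["value"]}'

    def get(self, path):
        if self._cookie is None:
            self.login()
        for attempt in range(2):
            status, body = self._send("GET", path, {"Cookie": self._cookie}, None)
            if status != 401:
                return status, body
            if attempt == 0:
                self.login()  # cookie expired: re-authenticate once, then retry
        raise PermissionError("still unauthorized after re-authentication")
```

In a real client, `send` would wrap an HTTPS request; the cookie value is a credential and should stay out of logs and URLs.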

Why does the REST endpoint set a tracking cookie?

Now, you mentioned that your specific REST endpoint sets a tracking cookie. This might be perfectly valid, because the tracking id can be seen as a property of the client that should be persisted. This cookie is probably not required by the server in order for it to serve requested resources.