site-session
Description
Open a site session by using the LWSSO token you obtained from getting authenticated.
URL
/qcbin/rest/site-session
Remarks
Starting from ALM 12.60, you can restrict API access to a white-list of client types, using the RESTAPI_ACCESS_APIKEY_ONLY site parameter. This requires adding a Client-Type attribute to the header of the site-session resource. For details, see Restrict API access.
To specify a client type or timeout when creating a session, POST an XML compliant with the Session-parameters Schema.
The input XML is optional. The default values are:
- Client type = "REST Client"
- Timeout = 60 minutes
- No licenses consumed
Add the QCSession cookie returned by a POST to the next request. In all subsequent requests, return the QCSession cookie returned by the previous response.
On a successful POST, the site-session resource returns an XSRF-TOKEN cookie. In all subsequent requests, include an X-XSRF-TOKEN header, having the value of the XSRF-TOKEN cookie. Failure to do so may create a security risk and make your application incompatible with other client types. See Session Management.
HTTP Methods
GET: Resets the timeout clock. This extends the lifetime of the session.
PUT: Resets the timeout clock. This extends the lifetime of the session.
DELETE: Deletes the current session.
POST: Creates a new session.
Media Type | GET | PUT | DELETE | POST |
---|---|---|---|---|
application/xml | ||||
*/* No input. PUT creates default client type |
Returns
No HTML body returned. On a successful POST, this request returns ALM_USER, QCSession, and XSRF-TOKEN in Set-Cookie.
One of the HTTP Return Codes.
DELETE returns cookie expiration. For example:
Set-Cookie: QCSession=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
POST returns a QCSession cookie and an XSRF-TOKEN cookie.
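The cookie handling described in Remarks and Returns, as an added Python example that is not part of the ALM documentation: it updates a cookie jar from Set-Cookie values, builds the Cookie and X-XSRF-TOKEN headers for the next request, and stops sending once DELETE has expired QCSession. The function names, the sample cookie values and the Path/HttpOnly attributes on the POST sample are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed Set-Cookie values; only the DELETE line mirrors the example above.
POST_RESPONSE = [
    "ALM_USER=constructed-user; Path=/",
    "QCSession=constructed-session-1; Path=/; HttpOnly",
    "XSRF-TOKEN=constructed-xsrf; Path=/",
]
DELETE_RESPONSE = ['QCSession=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/']


def apply_set_cookie(jar, set_cookie_lines, now=None):
    """Update jar (dict of cookie name -> value) from Set-Cookie header values."""
    now = now or datetime.now(timezone.utc)
    for line in set_cookie_lines:
        pair, *attrs = [part.strip() for part in line.split(";")]
        name, _, value = pair.partition("=")
        value = value.strip('"')
        expired = False
        for attr in attrs:
            key, _, val = attr.partition("=")
            if key.lower() != "expires":
                continue
            try:
                when = parsedate_to_datetime(val)
                if when.tzinfo is None:
                    when = when.replace(tzinfo=timezone.utc)
                expired = when <= now
            except (TypeError, ValueError):
                pass  # unparsable date: fall back to the empty-value check
        if expired or value == "":
            jar.pop(name, None)   # server ended the session; stop sending it
        else:
            jar[name] = value     # always keep the most recent value
    return jar


def next_request_headers(jar):
    """Headers for the following request; refuses to build a partial set."""
    missing = [c for c in ("QCSession", "XSRF-TOKEN") if c not in jar]
    if missing:
        raise RuntimeError("no open site session, missing: " + ", ".join(missing))
    return {
        "Cookie": "; ".join(f"{k}={v}" for k, v in jar.items()),
        "X-XSRF-TOKEN": jar["XSRF-TOKEN"],
    }
```

Start the jar with the cookies obtained at authentication, call `apply_set_cookie` on every response, and call `next_request_headers` before every request.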