Posted by bwallis42 on
URL: https://discuss.orbeon.com/Secure-persistence-API-access-tp4659372p4659386.html

Using the "oxf.http.forward-cookies" property doesn't seem to work for the persistence API, no cookies to be seen in the requests. It does work OK for xf:submission requests in a form, I tested various combinations.

Should this setting be working for the persistence API REST calls? I need this to work to get the authentication going.

Interestingly, if you set oxf.http.forward-cookies to the empty string "" in properties-local.xml then it gets the default value of "JSESSIONID JSESSIONIDSSO", I had to set it to a random value, "xxx", to turn it off.