The session resource can be used to store data in a session object and retrieve them for later use. Each login is associated with a session object in the M/Monit server.

Available methods:

GET POST /session/put Store a value in session
GET POST /session/get Get value from session
GET POST /session/delete Delete a session value


Add or update the session attribute identified by key (several key=value pairs can be used to add/update multiple attributes at once). If a named attribute already exist, its old value is replaced.

curl -b ~/.mmonit/cookie \
 -d "myvar1=hello&myvar2=world" \


<key=value> string required The key attribute defines the key used to store the data in the session with the specified value


Returns the session attribute matching the key argument (key can be used multiple times). If no keys are specified, all stored attributes in the session are returned.

curl -b ~/.mmonit/cookie \
 -d "key=myvar1&key=myvar2" \


key string optional The key used to store the data in the session


<key> The session attribute key value
    "myvar1": "hello",
    "myvar2": "world"


Delete session attributes matching key. If no keys were specified, delete all stored attributes (key can be used multiple times).

curl -b ~/.mmonit/cookie \
 -d "key=myvar1&key=myvar2" \


key string required The key of the session attribute to delete


CSRF-protection can be turned off by adding the request parameter z_csrf_protection=off at login. See the cURL example. If you choose to keep CSRF-protection on, you will need to obtain the CSRF-token from session and include it as a HTTP-header or as a Request Parameter.

Here is an example where we use jQuery to read the CSRFToken off M/Monit's Session API and ensure that the CSRF-token is added as a HTTP header before any Ajax request on the page is sent.

$.getJSON('session/get?key=CSRFToken', function (session) {
  $(document).ajaxSend(function(e, jqXHR, settings) {
    if (settings.type === "POST")
      jqXHR.setRequestHeader('CSRFToken', session.CSRFToken);