Session

The session resource can be used to store data in a session object and retrieve them for later use. Each login is associated with a session object in the M/Monit server.

Available methods:

put

Add or update the session attribute identified by key (several key=value pairs can be used to add/update multiple attributes at once). If a named attribute already exist, its old value is replaced.

curl -b ~/.mmonit/cookie \
 -d "myvar1=hello&myvar2=world" \
 http://127.0.0.1:8080/api/1/session/put

Arguments

get

Returns the session attribute matching the key argument (key can be used multiple times). If no keys are specified, all stored attributes in the session are returned.

curl -b ~/.mmonit/cookie \
 -d "key=myvar1&key=myvar2" \
 http://127.0.0.1:8080/api/1/session/get

Arguments

Output

{
    "myvar1": "hello",
    "myvar2": "world"
}

delete

Delete session attributes matching key. If no keys were specified, delete all stored attributes (key can be used multiple times).

curl -b ~/.mmonit/cookie \
 -d "key=myvar1&key=myvar2" \
 http://127.0.0.1:8080/api/1/session/delete

Arguments

invalidate

Invalidates session and unbinds any objects bound to it. This will logout from the M/Monit server because a login is associated with a session object.

curl -b ~/.mmonit/cookie \
 http://127.0.0.1:8080/api/1/session/invalidate

CSRF-token

CSRF-protection can be turned off by adding the request parameter z_csrf_protection=off at login. See the cURL example. If you choose to keep CSRF-protection on, you will need to obtain the CSRF-token from session and include it as a HTTP-header or as a Request Parameter.

Here is an example where we use jQuery to read the CSRFToken off M/Monit's Session API and ensure that the CSRF-token is added as a HTTP header before any Ajax request on the page is sent.

$.getJSON('session/get?key=CSRFToken', function (session) {
  $(document).ajaxSend(function(e, jqXHR, settings) {
    if (settings.type === "POST")
      jqXHR.setRequestHeader('CSRFToken', session.CSRFToken);
  });
});