Session
The session resource can be used to store data in a session object and retrieve them for later use. Each login is associated with a session object in the M/Monit server.
Available methods:
GET POST |
/api/2/session/put | Store a value in session |
GET POST |
/api/2/session/get | Get value from session |
GET POST |
/api/2/session/delete | Delete a session value |
GET POST |
/api/2/session/invalidate | Invalidate the session |
put
Add or update the session attribute identified by key (several key=value pairs can be used to add/update multiple attributes at once). If a named attribute already exist, its old value is replaced.
Arguments
| <key=value> | string | required | The key attribute defines the key used to store the data in the session with the specified value |
curl -b ~/.mmonit/cookie \
-d "myvar1=hello&myvar2=world" \
https://127.0.0.1:8080/api/2/session/put
get
Returns the session attribute matching the key argument (key can be used multiple times). If no keys are specified, all stored attributes in the session are returned.
Arguments
| key | string | optional | The key used to store the data in the session |
curl -b ~/.mmonit/cookie \
-d "key=myvar1&key=myvar2" \
https://127.0.0.1:8080/api/2/session/get
Output
| <key> | The session attribute key value |
{
"myvar1": "hello",
"myvar2": "world"
}
delete
Delete session attributes matching key. If no keys were specified, delete all stored attributes (key can be used multiple times).
Arguments
| key | string | required | The key of the session attribute to delete |
curl -b ~/.mmonit/cookie \
-d "key=myvar1&key=myvar2" \
https://127.0.0.1:8080/api/2/session/delete
invalidate
Invalidates session and unbinds any objects bound to it. This will logout from the M/Monit server because a login is associated with a session object.
curl -b ~/.mmonit/cookie \
https://127.0.0.1:8080/api/2/session/invalidate
CSRF-token
CSRF-protection can be turned off by adding the request parameter z_csrf_protection=off at login. See the cURL example. If you choose to keep CSRF-protection on, you will need to obtain the CSRF-token from session and include it as a HTTP-header or as a Request Parameter.
Here is an example where we use jQuery to read the CSRFToken off M/Monit’s Session API and ensure that the CSRF-token is added as a HTTP header before any Ajax request on the page is sent.
$.getJSON('session/get?key=CSRFToken', function (session) {
$(document).ajaxSend(function(e, jqXHR, settings) {
if (settings.type === "POST")
jqXHR.setRequestHeader('CSRFToken', session.CSRFToken);
});
});