The session resource can be used to store data in a session object and retrieve them for later use. Each login is associated with a session object in the M/Monit server.

Available methods:

GET POST /api/2/session/put Store a value in session
GET POST /api/2/session/get Get value from session
GET POST /api/2/session/delete Delete a session value
GET POST /api/2/session/invalidate Invalidate the session

put

Add or update the session attribute identified by key (several key=value pairs can be used to add/update multiple attributes at once). If a named attribute already exist, its old value is replaced.

Arguments

<key=value> string required The key attribute defines the key used to store the data in the session with the specified value
curl -b ~/.mmonit/cookie \
 -d "myvar1=hello&myvar2=world" \
 https://127.0.0.1:8080/api/2/session/put

get

Returns the session attribute matching the key argument (key can be used multiple times). If no keys are specified, all stored attributes in the session are returned.

Arguments

key string optional The key used to store the data in the session
curl -b ~/.mmonit/cookie \
 -d "key=myvar1&key=myvar2" \
 https://127.0.0.1:8080/api/2/session/get

Output

<key> The session attribute key value
{
    "myvar1": "hello",
    "myvar2": "world"
}

delete

Delete session attributes matching key. If no keys were specified, delete all stored attributes (key can be used multiple times).

Arguments

key string required The key of the session attribute to delete
curl -b ~/.mmonit/cookie \
 -d "key=myvar1&key=myvar2" \
 https://127.0.0.1:8080/api/2/session/delete

invalidate

Invalidates session and unbinds any objects bound to it. This will logout from the M/Monit server because a login is associated with a session object.

curl -b ~/.mmonit/cookie \
 https://127.0.0.1:8080/api/2/session/invalidate

CSRF-token

CSRF-protection can be turned off by adding the request parameter z_csrf_protection=off at login. See the cURL example. If you choose to keep CSRF-protection on, you will need to obtain the CSRF-token from session and include it as a HTTP-header or as a Request Parameter.

Here is an example where we use jQuery to read the CSRFToken off M/Monit’s Session API and ensure that the CSRF-token is added as a HTTP header before any Ajax request on the page is sent.

$.getJSON('session/get?key=CSRFToken', function (session) {
  $(document).ajaxSend(function(e, jqXHR, settings) {
    if (settings.type === "POST")
      jqXHR.setRequestHeader('CSRFToken', session.CSRFToken);
  });
});