cancel
Showing results for 
Search instead for 
Did you mean: 

Is it possible to log into B1 ServiceLayer with Cookies

mkraus92
Explorer
0 Kudos

Hi all,

i am trying to create a HTML5 Application which holds logged in ServiceLayer Session after reloading the Page.

If i log into the Service Layer using Postman i get following Header Details:

Connection →Keep-Alive
Content-Encoding →gzip
Content-Length →174
Content-Type →application/json;odata=minimalmetadata;charset=utf-8
DataServiceVersion →3.0
Date →Thu, 16 Aug 2018 06:10:06 GMT
Keep-Alive →timeout=15, max=100
Server →Apache
Set-Cookie →B1SESSION=0669e842-a11b-11e8-8000-000c29594cad;HttpOnly;
Set-Cookie →HASH_B1SESSION=4548D83BAFE012C7E2BA5E30A504D30B19CEC467; HttpOnly
Vary →Accept-Encoding

I tried accessing the Set-Cookie inside my JS Application to no avail.

My Login inside my JS Application looks like this:

			$.ajax({
				url: serviceLayerLoginURL,
				xhrFields: {
					withCredentials: true
				},
				data: jData = JSON.stringify({
				UserName: user,
				Password: pass,
				CompanyDB: comp
			}),
				type: "POST",
				dataType: "json",
				success: function (r, status, xhr) {
					app.SessionId = r.SessionId;
					app.to("tilesPage");
					sap.ui.core.BusyIndicator.hide();
				},
				error: this.onErrorCall
			});

Now my Question is: How do i access the right Information and how do i use them to Log in without the Username, Password and optional CompanyDB?

Accepted Solutions (1)

Accepted Solutions (1)

former_member390407
Contributor
0 Kudos

Manuel,

May be I misunderstand you, but it already works as you described. The only difference is that you need to use B1SESSION and ROUTEID cookies, not the credentials.

So when a user refreshes the page you are still able to use the same cookies to perform your operations. This cookies are valid until you post to Logout resource with the same B1SESSIONID.

Actually I'm not even sure if you need to take care of cookies. If it's a web-solution browser will do everything for you (if cookies are not turned off of course). You don't need to get the sessionID from the response (this line app.SessionId = r.SessionId;). As I understand this this just FYI. Server returns cookies, browser stores them and adds to your other requests.

So, this 2 test functions work well for me even after closing and reopening the browser:

function LoginClick()
{
	$.ajax({
				url: URL + "Login",
				xhrFields: {
							withCredentials: true
						},
				data: jData = JSON.stringify({
				UserName: user,
				Password: pass,
				CompanyDB: comp
			}),
				type: "POST",
				dataType: "json",
				success: function (r, status, xhr) {
					alert("success");
				}
			});
}


function CallClick()
{
	$.ajax({
				url: URL + "Items",
				xhrFields: {
							withCredentials: true
						},
				type: "GET",
				dataType: "json",
				success: function (r, status, xhr) {
					alert("success");
				}
			});
}

So if I call LoginClick(), close the browser, open it back and call CallClick() it works fine. If I clear cookies from my SL URL I will be redirected to the standard Chrome Login form.

mkraus92
Explorer
0 Kudos

Hi Sergei,

that is what i was looking for.

The last hour i came up with another way to login again.

I stored the Login Credentials as document.cookie and gave them an expire Date.

So since i have the Login Page as my Startpage i ask after Rendering if there are cookies and just call the login function manually.

But your solution looks much simpler and nicer, i will try to implement your way.

Thank you very much!

Answers (1)

Answers (1)

former_member390407
Contributor
0 Kudos

Hi Manuel,

You need to pass CompanyDB, UserName and Password when you post to "Login" resource only. You cannot login without credentials.

The cookies (B1SESSION and ROUTEID) will be returned from the server when you call Login and you must use them for any other requests (including Logout).

The logic is the following:

  1. POST to <SlURL>/Login with the credentials in your body request
  2. Server returns cookies
  3. You request another resource with this cookies only (browser will add this cookies automatically)
  4. ...
  5. POST to <SlURL>/Logout with an empty body and your cookies to close the session

Below is the information from ServiceLayer documentation:

Login

Log in Service Layer with the specified credentials. Generally it is the first step to using the Service Layer API. Calling the Service Layer API without a login will result in failure. After logging in successfully, one session ID will be returned in HTTP response body. At the same time, two HTTP cookie items named "B1SESSION" and "ROUTEID" will be set. You do not need to relate to them if calling the Service Layer API in a browser because the browser will send them to Service Layer automatically in subsequent HTTP requests. You do need to add them to your HTTP header in a subsequent Service Layer API call. Otherwise, Service Layer will consider them as a bad request without a login.

mkraus92
Explorer
0 Kudos

Hello Sergei,

thank you for trying to help me.

I am already logging in and requesting other resources the way you described. What i am looking for is saving the xhrCredentials for a determinded time (e.g. the 30 min set in the Service Layer Properties), so i can log in without entering the Login credentials a second time after i reload the page.

If there is no way to do this with the Service Layer i guess i have to write my own Code and save the Users Credentials in a Cookie myself?

If it helps i can describe the Scenario i am trying to find a solution for:

The User logs in with his Username, Password and CompanyDB.

B1 Service Layer Session get created (with B1SESSION, ROUTEID, etc.)

HERE i want to create a Cookie

The User is doing stuff

The Page gets reloaded

What happens now is the User has to log in again with Username, Password and CompanyDB

What i want: If the Session the User just reloaded is not older than 30 minutes he doesnt have to log in again because

I automatically give the Service Layer the Cookie and let the User work on.