I send the post request to another site, where the form is located. Identity passes normally, session is created. But when I go to this site, there is no session and I need to log in again on the site to log in to my account. Why is the session deleted after the API request? What did I miss?

    1 answer 1

    Session is valid for the client. That is, in the browser session will live until you close the last tab of the site. In the case of an API, it will close immediately after the request is completed. To re-open the same session (if it is provided for) use the response from the server that contains the authorization cookie. Which are re-sent to the server at the next request in the headers. In fact, what you do somehow smacks of the wrong architecture. But if you need to continue. Then you can analyze the response from the API, pull out the SessionID from there and send it when you re-enter the site

    If the API is pulled through CURL, then you can specify the path to save and pull up the cookies.

    $cookie = __DIR__.'/../cookie/mysite.cookie' curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie); curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie); curl_setopt($ch, CURLOPT_FORBID_REUSE, true); curl_setopt($ch, CURLOPT_ENCODING, '');

    Pay attention to:

    ResponseHeaders ['set-cookie'] - for the first request ** ResponseHeaders ['set-cookie'] ** - for the first request RequestHeaders ['cookie'] - for the second request ** RequestHeaders ['cookie'] ** - for the second request