Reputation: 11814
I am trying to create some API for my application.
I also have a normal website.
I am not using any secure connection.
Assuming I log in to my normal website and then copy the session-id using inspect tools, and using Postman set the cookie to the API and send the request, will the authentication middleware set the request.user based on the session-id?
Upvotes: 2
Views: 3246
Reputation: 4404
Yes, if you copy all cookies acquired from a normal browser login into Postman, the back-end will check this same cookie (until Postman or the user logs out and makes this session-id invalid) and set the user according to it.
However, as you stated, you are not using any secure connection. This is really bad practice. Nowadays https is almost standard in any way of communication, let alone having any authentication info included. So you should definitely check using https for the Django site. If you are making an API for a Django app, check Django Rest Framework.
Also, APIs may work with some kind of password / token authentication. Only browser JS code (ajax, etc.) may use Session Authentication; API calls from mobile apps / terminal should not.
Upvotes: 1
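A settings sketch for the points raised in the answer above, added here as an example and not taken from either poster's project. It assumes the site is served over TLS and that Django REST Framework (with its `rest_framework.authtoken` app) is installed; the one-hour session age and the HSTS duration are illustrative values.

```python
# settings.py fragment (added example; values marked "illustrative" are assumptions)

# --- Session cookie handling -------------------------------------------------
# Django's default is SESSION_COOKIE_SECURE = False, which lets the browser send
# the session id over plain HTTP, where anyone on the network path can read it
# and replay it exactly as the question does with Postman.
SESSION_COOKIE_SECURE = True      # cookie is only sent over HTTPS
SESSION_COOKIE_HTTPONLY = True    # not readable from page JavaScript
SESSION_COOKIE_SAMESITE = "Lax"   # not attached to most cross-site requests
SESSION_COOKIE_AGE = 60 * 60      # illustrative: 1 hour instead of the 2-week default

CSRF_COOKIE_SECURE = True         # same transport rule for the CSRF cookie

# --- Transport ---------------------------------------------------------------
SECURE_SSL_REDIRECT = True        # SecurityMiddleware redirects HTTP to HTTPS
SECURE_HSTS_SECONDS = 31536000    # illustrative: tell browsers to stay on HTTPS for a year

# --- API authentication (Django REST Framework) ------------------------------
# Browser JavaScript on the site keeps using the session cookie; mobile apps and
# command-line clients send "Authorization: Token <key>" instead of a copied
# session id. TokenAuthentication needs "rest_framework.authtoken" in
# INSTALLED_APPS and a migrate run to create the token table.
REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "rest_framework.authentication.SessionAuthentication",
        "rest_framework.authentication.TokenAuthentication",
    ],
    "DEFAULT_PERMISSION_CLASSES": [
        "rest_framework.permissions.IsAuthenticated",
    ],
}
```

These settings do not stop a valid cookie from being accepted when it is presented by another client; they limit where the cookie can be observed and how long a copied value stays usable.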