Jump to content
Welcome to our new Citrix community!

Performing WebApi login from one server, and using the cookies and tokens on a different server doesn't work

Stuart Haycroft

Recommended Posts

Using the Citrix Storefront WebAPI, we are able to use the /PostCrentialsAuth/Login endpoint to successfully logon and retrieve  the ASP.NET_SessionID,  CsrfToken and CtxsAuthId cookies. 


Subsequent requests to the WebApi using these cookies and the Csrf-Token are succesful.


However, we have a requirement to re-use this session on a number of back end servers (sometimes via a cluster)


When we use exactly the same cookies and the same headers from a different back end server, all our WebApi calls respond with a Forbidden 403.   

Going back to original server with same cookies and headers continue to work.


We are using Curl to call the WebAPI.


Are there some checks within Web proxy, or ASP.Net that  is preventing us from re-using the same tokens/cookies on a different host,  and is it possible to turn off this validation?



Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...