Cookies

How MySiga knows you are logged and keeps communication with Siga 3?

MySiga API uses the same pattern of keeping track of your session as Siga 3 does, through the PHPSESSID cookie. Cookies are a common and well-secured way to keep track of sessions.

During the login process, MySiga will set and destroy some cookies, and also passes these cookies on the requests responses you do, so you can manage it easily in other ways if you're not using a browser or a cookie management package. These are all the possible cookies MySiga may set:

PHPSESSID cookie is always required!

  • PHPSESSID The main cookie to manage your session, you will mostly need to do all request that requires you to be logged on Siga 3.

  • captcha Is only set if you get your password wrong a fill times in a row, it's used only during the login process. It contains a JSON string with the captcha id and required data for the client to solve it. It's not required to be sent it back, since the API uses a copy of it on the session data. U still need to send the solution separately when login.

  • challenge This cookie is used only during the login process. It contains a key that is used to encrypt your password before sending it to Siga 3. It's not required to be sent it back, since the API uses a copy of it on the session data.

How to get a cookie?

The HTTP/2 protocol set cookies on the response header, one per line:

set-cookie: PHPSESSID=6e30936b126fc2f1f42c29295d5199b3; path=/
set-cookie: challenge=1263705899640cc28118898; path=/

How to send the cookie back?

If you are not in a browser environment, cookies are not managed automatically, below there are some examples of how to do it manually:

curl --url https://mysiga.laravieira.me/load --cookie 'PHPSESSID=6e30936b126fc2f1f42c29295d5199b3; challenge=1263705899640cc28118898'

PreviousSiga 3Next/load

Last updated