cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
timrodman
Advocate II
Advocate II

Passing Cookies Between HTTP Actions

Is there a way to pass cookies between HTTP actions in Microsoft Flow?

 

The first HTTP action is used to authenticate. It gives me back a cookie. Then I need to pass that cookie to a second HTTP action.

 

I was able to get this to work in PHP with a cookie jar (click here), but I can't get it to work in Microsoft Flow.

 

Note: It was actually working by passing headers a couple of weeks ago, but now it doesn't work anymore. I have a separate thread already on that issue (click here), but I thought I would start a new thread since I couldn't find any threads specifically talking about passing cookies between HTTP actions. I hope it's ok that I started a new thread.

2 ACCEPTED SOLUTIONS

Accepted Solutions

My understanding of this is through someone else who talked with Microsoft so I might not have it 100% correct, but here it is.

 

First, Microsoft broke this intentionally due do a security concern.

 

In addition, there isn't a guarantee that this method would always work due to how operations are run. It's not guaranteed that operations will be managed by the same node and a cookie can't persist cross nodes (or something like that).

 

For my situation, I was trying to get this to work with an application called Acumatica. Someone at Acumatica was able to get it working with OAuth instead of cookies. In case you interested to see how, click here.

View solution in original post

I found the solution.

 

You need to "extract" the cookie in a Variable, I Used json Analysis. Then in "advanced Options" for a "second" http request, in autorization select none and in the field cookie, only put the "set-cookie" variable.

 

It Works

 

Regards

 

View solution in original post

17 REPLIES 17
v-xida-msft
Community Support
Community Support

Hi @timrodman,

 

Could you please share a screenshot of your flow's configuration?
I afraid that there is no way to pass cookies between HTTP Actions in Microsoft Flow currently, if you would like this featured to be added soon, please submit an idea to Flow Ideas Forum:

https://powerusers.microsoft.com/t5/Flow-Ideas/idb-p/FlowIdeas

 

Best regards,

Kris

Community Support Team _ Kris Dai
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Here is a screenshot of the configuration (except that isn't the real password):

 

2017-11-16-09-24-40.png

 

And here are the screenshots of what happens when it runs

 

2017-11-16-09-27-39.png

 

2017-11-16-09-29-04.png

 

2017-11-16-09-29-33.png

 

And the full text of the Headers Outputs / Inputs.

 

HTTP Headers Outputs

 
X-Handled-By
Acumatica-PX.Export/AuthenticationManagerModule
Set-Cookie
ASP.NET_SessionId=d5lgfpq2vjyoxsov11cqv43n; path=/; HttpOnly,UserBranch=16; path=/,Locale=Culture=en-US&TimeZone=GMTM0800A; expires=Sun, 19-Nov-2017 14:27:14 GMT; path=/,CompanyID=SalesDemo; expires=Sun, 19-Nov-2017 14:27:14 GMT; path=/,.ASPXAUTH=C2D84F2334AAF6C3DBEAD498F1B13B13E80D7A63172C7572C022A6F65A381884CD04872F20A959F8914FC739673D1BC6CE2A135AEEDC54B50CAF6222D0C98EFD344948D1947CFD6F9674CEE72D16951ED648F8AEF7C4F49485612844005FBD971A6BF10342FB427CCF6CFC48CE332576CCB6441C8B4CDB055576906E16F215B6830D8992; path=/; HttpOnly
Server
Microsoft-IIS/7.5
X-Powered-By
ASP.NET
Date
Thu, 16 Nov 2017 14:27:14 GMT
Content-Length
0
HTTP 2 Headers Inputs
{
  "X-Handled-By": "Acumatica-PX.Export/AuthenticationManagerModule",
  "Set-Cookie": "ASP.NET_SessionId=d5lgfpq2vjyoxsov11cqv43n; path=/; HttpOnly,UserBranch=16; path=/,Locale=Culture=en-US&TimeZone=GMTM0800A; expires=Sun, 19-Nov-2017 14:27:14 GMT; path=/,CompanyID=SalesDemo; expires=Sun, 19-Nov-2017 14:27:14 GMT; path=/,.ASPXAUTH=C2D84F2334AAF6C3DBEAD498F1B13B13E80D7A63172C7572C022A6F65A381884CD04872F20A959F8914FC739673D1BC6CE2A135AEEDC54B50CAF6222D0C98EFD344948D1947CFD6F9674CEE72D16951ED648F8AEF7C4F49485612844005FBD971A6BF10342FB427CCF6CFC48CE332576CCB6441C8B4CDB055576906E16F215B6830D8992; path=/; HttpOnly",
  "Server": "Microsoft-IIS/7.5",
  "X-Powered-By": "ASP.NET",
  "Date": "Thu, 16 Nov 2017 14:27:14 GMT",
  "Content-Length": "0"
}
HTTP 2 Headers Outputs
X-Handled-By
Acumatica-PX.Export/AuthenticationManagerModule
Set-Cookie
ASP.NET_SessionId=b5ztummf1yzvspjuairsbhro; path=/; HttpOnly,Locale=TimeZone=GMTE0000U&Culture=en-US; path=/,UserBranch=; path=/
Server
Microsoft-IIS/7.5
X-Powered-By
ASP.NET
Date
Thu, 16 Nov 2017 14:27:14 GMT
Content-Length
36
Content-Type
application/json; charset=utf-8
 
Someone pointed out in this thread that it seems funny that the ASP.NET_SessionId in the HTTP 2 Headers Outputs is not the same as the ASP.NET_SessionId in the HTTP 2 Headers Inputs.
 
Thanks for the suggestion to create an idea for this. I did so (click here).

I'm having the same issue connecting to a Dell/Quest KACE appliance. It uses a token that is handed back in the Headers, the token is compared to a cookie. With no cookie in flow, can't use Flow with KACE.

 

"During user authentication, a token is returned in a response header named x-dell-csrf-token. That value must be gathered by the client and sent in a similarly named request header for every subsequent request. This value is compared against a token stored in a client’s cookie. This is a common technique that helps prevent cross-site request forgery (CSRF) attacks."

Anyone from Microsoft looking to solve this?

@v-xida-msft - any suggestions on how we can approach this issue?

 

Thanks!

-AT

I spoke with MS support, they said they're aware of it and currently no fix or resolution is being offered.

samol518
New Member

Has there been any update on this issue?

Not that I've seen.

Have you found a work around for this? I'm having similar issues

Can at least the brains at Microsoft provide a workaround?

My understanding of this is through someone else who talked with Microsoft so I might not have it 100% correct, but here it is.

 

First, Microsoft broke this intentionally due do a security concern.

 

In addition, there isn't a guarantee that this method would always work due to how operations are run. It's not guaranteed that operations will be managed by the same node and a cookie can't persist cross nodes (or something like that).

 

For my situation, I was trying to get this to work with an application called Acumatica. Someone at Acumatica was able to get it working with OAuth instead of cookies. In case you interested to see how, click here.

FaiberC
Regular Visitor

I Have the same problem, the cookie is necessary to consume de API Service, I can't create a flow that takes the cookie in a get method.

 

 

I found the solution.

 

You need to "extract" the cookie in a Variable, I Used json Analysis. Then in "advanced Options" for a "second" http request, in autorization select none and in the field cookie, only put the "set-cookie" variable.

 

It Works

 

Regards

 

@FaiberC 

Can you please share how do you extract the cookie string exactly?

My response returns this string for Set-Cookie:

"sid=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/,JSESSIONID=ABCDEFG123123123; Path=/; Secure; HttpOnly"

I only need to extract this part for my variable:

"JSESSIONID=ABCDEFG123123123"

How do I extract it?

Thank you

mos379
New Member

Don't you have to extract the cookie and attach this to the second request? 

Anonymous
Not applicable

How do you extract the cookie?

One way is to use the parse the header response if the json can be obtained. Another option which is complex is to use the AI builder extract key values from text, train a model and use it in your flow. 

Helpful resources

Announcements
Register for a Free Workshop.png

Register for a Free Workshop

Learn to digitize and optimize business processes and connect all your applications to share data in real time.

September Events 2022

Check out all of these events

Attend in person or online, there are incredible conferences and events happening all throughout the month of September.

Users online (1,981)