Post sessions from field devices remain active

orhand · ‎Jan 16, 2015

We have devices posting data to TW server via HTTP post requests. I want the sessions related to these device posts to end immediately because it ends up having thousands of active sessions at any given time. P.S. we have the "connection : close " line in the post request.

Any help will be appreciated.

paic · ‎Jan 16, 2015

Are you using an application key for authentication? When using an application key, no session should be established,unless specifically specified.

orhand · ‎Jan 17, 2015

OK. will try that. Thank you.

orhand · ‎Jan 17, 2015

So I tried to use the REST API with an app key. I got a strange behavior just like as described in this post:

https://twc.thingworx.com/Thingworx/Runtime/index.html#master=ThingWorxCommunity&mashup=TWCBlogSearchResult&blog=GeneralCommForum&entryID=34972

"

E.g. open a Chrome incognito window. Paste in a URL with an appKey

http://www.server.com:8080/Thingworx/Things/Thing/Properties?appKey=9eb5f9d7-fb84-4026-a85a-98abc11dcea9&Accept=application/JSON

The first time this call returns the desired result.

The second time (hit Ctrl-R or refresh), I get an error page:

"HTTP Status 401 - No authType or appKey parameter has been specified for Authentication Scheme: AUTH_THINGWORX_APPKEY"

Another Ctrl-R refresh brings back the normal call result and the next one again the error. It alternates."

Haven't tried on the devices yet, but I presume the behavior when trying to update data from the devices will be similar. Any idea what causes this ?

Orhan

VladimirRosu · ‎Jan 19, 2015

Hi Orhan,

Did you also try with the parameter x-thingworx-session=true added to the http request?Happens to me all the time if I don't set this parameter to true.Good luck!Vladimir

VladimirRosu · ‎Jan 19, 2015

x-thingworx-session=true ?

VladimirRosu · ‎Jan 19, 2015

Hi Orhan,

Please check my answer to the post you mention (copy and paste the link in a browser).
I'm having some trouble answering directly here in the forum, as the most important part is missing from my reply (I reported the bug).
It involves setting a parameter to true in the HTTP call.

BR,
Vladi

VladimirRosu · ‎Jan 19, 2015

<pre>x-thingworx-session=true</pre>

orhand · ‎Jan 19, 2015

Hi Vladimir,

The thing is, I am trying to eliminate active sessions from the devices so turning the session to true is not what I want.

Nevertheless, I tested the appKey with a php content retriever and it does the trick. It can be called repeatedly with no problems. I think the issue is only when using a browser. I will check with the device firmware to see if there are any problems.

Thanks for all the input.

Regards,

Orhan

orhand · ‎Jan 19, 2015

Hi Vladimir,

The thing is, I am trying to eliminate active sessions from the devices so turning the session to true is not what I want.

Nevertheless, I tested the appKey with a php content retriever and it does the trick. It can be called repeatedly with no problems. I think the issue is only when using a browser. I will check with the device firmware to see if there are any problems.

Thanks for all the input.

Regards,

Orhan

paic · ‎Jan 19, 2015

Glad the appKey works. That is exactly what its use case is. Also these calls are not meant to be in browser.

mattw1 · ‎Apr 08, 2015

We are making an HTML/Javascript SPA website that needs to access ThingWorx services via the REST API calls. This is a very simple website that we hope requires no server-side (PHP) code.

I am testing the API calls in PostMan (Browser-based) and the only way I am able to successfully make a call is if I create a session. Is there no way to make a Javascript/Browser-based API call to a ThingWorx platform server without creating a session??

-Matt

paic · ‎Apr 08, 2015

Are you using an appKey?

What we've noticed is that when using a REST API tool that does browser based type calls, you will fail auth every other call even when using the appKey.

This doesn't apply when you are using a 'true' rest call.

This is something on the bug list to be fixed.