Skip to main content
Version: v18

Users and sessions

Authenticating users

As a first step to open a REST session on the 4D server, the user sending the request must be authenticated.

You log in a user to your application by passing the user's name and password to $directory/login.

Once a user is successfully logged, a session is open. See below to know how to handle the session cookie in subsequent client requests, if necessary.

The session will automatically be closed once the timeout is reached.

Each REST request is handled through a specific session on the 4D server.

When a first valid REST request is received, the server creates the session and sends a session cookie named WASID4D in the "Set-Cookie" response header, containing the session UUID, for example:


In the subsequent REST requests, make sure this cookie is included in the "Cookie" request header so that you will reuse the same session. Otherwise, a new session will be opened, and another license used.


The way to handle session cookies actually depends on your HTTP client. This example shows how to extract and resend the session cookie in the context of requests handled through the 4D HTTP Request command.

// Creating headers
ARRAY TEXT(headerNames;0)
ARRAY TEXT(headerValues;0)

APPEND TO ARRAY(headerNames;"username-4D")
APPEND TO ARRAY(headerNames;"session-4D-length")
APPEND TO ARRAY(headerNames;"hashed-password-4D")

APPEND TO ARRAY(headerValues;"kind user")
APPEND TO ARRAY(headerValues;"60")
APPEND TO ARRAY(headerValues;Generate digest("test";4D digest))

$response:=New object

//This request opens a session for the user "kind user"
$result:=HTTP Request(HTTP POST method;"$directory/login";"";\

//Build new arrays for headers with only the cookie WASID4D

//This other request will not open a new session
$result:=HTTP Request(HTTP GET method;"$catalog";"";\
// buildHeader project method  

ARRAY TEXT($headerNames;0)
ARRAY TEXT($headerValues;0)

COPY ARRAY($1->;$headerNames)
COPY ARRAY($2->;$headerValues)

$indexCookie:=Find in array($headerValues;"WASID4D@")
$uuid:= Substring($cookie;$start;$end-$start)

ARRAY TEXT($headerNames;1)
ARRAY TEXT($headerValues;1)


COPY ARRAY($headerNames;$1->)
COPY ARRAY($headerValues;$2->)