SOAP Cookie

I recently ran into a SOAP interface that required the use of a persistent session cookie in order for subsequent SOAP requests to be authorized. Most SOAP web services are state-less, meaning they don’t depend on any prior SOAP call. You simply authenticate, or pass in a token with every SOAP request. In this case, however, the SOAP web service required an initial connection with user credentials. It then saved a Session ID in one of the SOAP Request cookies. It then required that any other SOAP call had this session ID set in the HTTP request.

I did some digging and found out that ServiceNow has support for persistent session cookies.

The overarching idea here is that you grab the Session ID from the cookies returned in the initial SOAP Response and set them in the header of your next request.

Here is how I did it:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
//Perform "Open Session" Web Service call with proper credentials
var s = new SOAPMessage(‘CS Web Service Internet Connect’, ‘openSession’);
s.setParameter(‘userName’, ‘Admin’);
s.setParameter(‘password’, ‘MySecurePassword’);
var response = s.post();

//Grab the cookie header from the SOAP Response
var cookieHeaders= s.getResponseHeaderValue(“Set-Cookie”).split(“;”);

//The session ID was always the first Cookie in the header, so returned
//that.  This could be more elegant, but this is only an example
var sessionCookie = cookieHeaders[0];

//Make the second web service call to perform an action such as
//to start a remote server
var s = new SOAPMessage(‘CS Web Service Internet Connect’, ‘serverStart’);
//Set the session ID as a cookie in the request header
s.setRequestHeader(“Cookie”,sessionCookie);
//Set other parameters required by the WSDL
s.setParameter(‘serverPath’, ‘/MyTestServer’);
var response = s.post();
gs.log(“startServer response: “+response);