We got a graylog running behing a nginx server, we have a authentication layer on top of it. When authenticated it will set the X-Forwarded-User header and will pass it on to graylog. To keep tracking of the users a JSESSIONID cookie is used to identify if the user is still authenticated by the top layer.
All looks ok, all requests made by the browser (index page) do contain the JSESSIONID cookie, but the calls that are initiated via client.js (by browser) seem to loose the JSESSIONID, thus my calls aren’t being allowed by the top layer, anyone a solution how this can be tackled ?