Share sessionId with an iframe - Graylog 4.3.6


I succeeded compiling a plugin which is adding a page in Graylog.

This page have an iframe in which a web application is supposed to request data to Graylog using the REST API.

Until now, I used the sessionId token stored in localStorage in order to share the sessionId from graylog to its iframe.

However, in Graylog v4.3.6, the sessionId is not stored in locastorage anymore but in a cookie whiose access is restricted with httpOnly.

Is there any way to share this sessionId considerong those changes ?


Not sure if this will help, but can you create a user with sesson token and use that.
Found something here

EDIT: Hey, I was working on MongoDb and came across session_id, by chance are you refering to something like this?

root # mongo
> use graylog;
> show collections;
> db.sessions.find().pretty();
1 Like

Indeed, I could use a dedicated token. However the token would allow any user to make use the REST API without being identified.

The attribution to any action would not be possible anymore.

I think I will be continuing exploring the MongoDb option ! By any chance, I maybe could retrieve the sessionId of the user from the java code inside the plugin and write it as a cookie with httpOnly=true inside my iframe.

I’ll let you know about this

Thanks for this tips !

1 Like


Not sure if you knwo this but mongo has a command called mongoexport. Something like this example with user/password.

mongoexport  -u mongo_admin -p  password123 --collection=session--db=graylog --out=/var/log/streams/session.json 

Grabs the collection info and places it in a textfile.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.