Generating and Reusing a JSESSION ID for Scripted Interactions

Once you authenticate, every logged-in user has a unique JSESSION ID that is tracked in XNAT. If you are performing multiple scripted commands, you can use this JSESSION ID in place of your authentication to associate your requests with a user account. This JSESSION ID has an even shorter lifespan than an alias token, however — as soon as you log out, it expires. 

You can combine the alias token login with a call to create a JSESSION ID like so: 

$ curl -u ALIAS:SECRET -X POST http://10.1.1.17/data/JSESSION

Note that we are performing a "POST" to the API with the "-X POST" command. This posts a new request to the API handler, which then authenticates you and returns a result. If no command is entered, the default curl call is a "GET", which is simply a request for existing information. 

A successful call will return a long string of characters, something like "34C160A7CB5CCDB816E1B80D86BDEBBD". You can then use this JSESSION ID in place of an authentication string, like so: 

$ curl -b JSESSIONID=34C160A7CB5CCDB816E1B80D86BDEBBD http://10.1.1.17/data/projects?format=csv >> projects2.csv

Note that we are using the "-b" flag, which is used to link to a browser's session cookie, to pass the JSESSION ID. Thus, this will only work as long as there is an active user session with that ID. 

This call will produce a file that contains a list of projects that your user account has access to. This list should match the list generated in the instructions for Generating an Alias Token for Scripted Authentication.