| Description | This article describes how FortiWeb user-tracking works with JSON applications and what admins need to consider and configure. |
| Scope | FortiWeb. |
| Solution |
curl -vk http://10.10.10.10/api/user/login \ > -H 'Accept: application/json, text/javascript, */*; q=0.01' \ > -H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8' \ > -H 'Cache-Control: no-cache' \ > -H 'Connection: keep-alive' \ > -H 'Content-Type: application/json; charset=UTF-8' \ > -H 'Pragma: no-cache' \ > -H 'X-Requested-With: XMLHttpRequest' \ > --data-raw '{"username":"admin","password":"fortinet","token":""}' \ > --insecure * Trying 10.10.10.10... * TCP_NODELAY set * Connected to 10.10.10.10 (10.10.10.10) port 80 (#0) > POST /api/user/login HTTP/1.1 > Host: 10.10.10.10 > Accept: application/json, text/javascript, */*; q=0.01 > Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 > Cache-Control: no-cache > Connection: keep-alive > Content-Type: application/json; charset=UTF-8 > Pragma: no-cache > X-Requested-With: XMLHttpRequest > Content-Length: 53 > * upload completely sent off: 53 out of 53 bytes < HTTP/1.1 200 OK < Date: Mon, 16 Sep 2024 09:53:18 GMT < Content-Type: application/json; charset=utf-8 < Content-Length: 221 < Connection: keep-alive < X-XSS-Protection: 1; mode=block < Content-Security-Policy: default-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:; < X-Content-Type-Options: nosniff < X-Frame-Options: SAMEORIGIN < Strict-Transport-Security: max-age=31536000 < * Curl_http_done: called premature == 0 * Connection #0 to host 10.10.10.10 left intact {"admin":"admin","authid":"","default_hostname":"no","expire":"2024-09-16T10:53:18-07:00","first_login":"no","force_change_passwd":"no","ftc_status":"","policy":{},"Type":40,"Token":"89001e8b-725c-4bde-7392-608274254079"} <-
|
