Usage of JWT Token for Session Authentification (Full-Text-RSS)

Hey there,
how can I use a JWT Token (e.g. handelsblatt.com) to get a session for full page support?
Normally I use http_header(cookie) for site patterns (http_header(cookie): ssohls=SOME-SECRET).

But handelsblatt e.g. uses a very long so called X-HMG-JW-Token. (see JSON Web Token Introduction - jwt.io)

Is their something like http_header(cookie), especially for those tokens?

Best regards,
Mario

Hi Mario, do you know how long these sessions are supposed to last. Wouldn’t that token expire at some point?

At the moment Full-Text RSS supports a small set of HTTP headers, including cookie, but you can’t set any HTTP header using the site config files.

Full-Text RSS doesn’t really support non-public sites that require a login. Some people use the site config files to set a cookie header after they’ve logged in to the site manually, so requests from Full-Text RSS appear to be coming from the logged-in user.

While that does work for those scenarios, if the user is logged out, the site config file will need to be updated again with a new cookie value.

The intended use of the cookie header is for values that don’t really change, and aren’t tied to a specific user. For example, a site might present a cookie notice that a user has to consent to before they can read the content. The consent is often recorded in a simple cookie that’s used on subsequent requetss. Full-Text RSS can safely ignore such cookie notices, so adding that in the site config with http_header(cookie) makes sure users get the content and not the cookie notice.

If you’re able to code up the login/authetication process yourself, outside of Full-Text RSS, you can grab the full HTML from the site and pass that to Full-Text RSS so it extracts the content from the submitted HTML and doesn’t have to make its own requests. That’s one workaround that you could consider.