Usage of JWT Token for Session Authentification (Full-Text-RSS)

Hey there,
how can I use a JWT Token (e.g. to get a session for full page support?
Normally I use http_header(cookie) for site patterns (http_header(cookie): ssohls=SOME-SECRET).

But handelsblatt e.g. uses a very long so called X-HMG-JW-Token. (see JSON Web Token Introduction -

Is their something like http_header(cookie), especially for those tokens?

Best regards,

Hi Mario, do you know how long these sessions are supposed to last. Wouldn’t that token expire at some point?

At the moment Full-Text RSS supports a small set of HTTP headers, including cookie, but you can’t set any HTTP header using the site config files.

Full-Text RSS doesn’t really support non-public sites that require a login. Some people use the site config files to set a cookie header after they’ve logged in to the site manually, so requests from Full-Text RSS appear to be coming from the logged-in user.

While that does work for those scenarios, if the user is logged out, the site config file will need to be updated again with a new cookie value.

The intended use of the cookie header is for values that don’t really change, and aren’t tied to a specific user. For example, a site might present a cookie notice that a user has to consent to before they can read the content. The consent is often recorded in a simple cookie that’s used on subsequent requetss. Full-Text RSS can safely ignore such cookie notices, so adding that in the site config with http_header(cookie) makes sure users get the content and not the cookie notice.

If you’re able to code up the login/authetication process yourself, outside of Full-Text RSS, you can grab the full HTML from the site and pass that to Full-Text RSS so it extracts the content from the submitted HTML and doesn’t have to make its own requests. That’s one workaround that you could consider.