I am facing an issue where I am getting a 401 response with message ‘Invalid or expired session, please login again’ when I hit the /users/me API. This is happening even if I am sending the bearer token which was genereate from the /login API.
Here is the request:
curl -X GET \
http://localhost:8065/api/v4/users/me \
-H 'Authorization: Bearer 4p7ip3wuujby7cfmeqb7718fhc' \
-H 'Postman-Token: eac220fa-9208-427b-b76f-f048ba28908a' \
-H 'cache-control: no-cache'
We tried to replicate this error but was unsuccessful. When you get the token from the /login API call, make sure you’re grabbing the MMAUTHTOKEN value:
Set-Cookie: MMAUTHTOKEN= rx6gfpbf1bgjtfbbstba7mz98r
If you are getting this value, make sure that it exists in the Session table by running this query:
SELECT * FROM sessions WHERE token='<MMAUTHTOKEN Value>';
If it exists there then it might be a bug in that version of Mattermost, so try upgrading. If it doesn’t exist there verify that the login call is returning the correct value.
Finally, you could also try creating a Personal Access token for that user, which can be used in place of the MMAUTHTOKEN value and won’t expire.
Adding X-Requested-With: XMLHttpRequest as header fixed the issue.