[solved] Invalid or expired session, please login again

I am facing an issue where I am getting a 401 response with message ‘Invalid or expired session, please login again’ when I hit the /users/me API. This is happening even if I am sending the bearer token which was genereate from the /login API.

Here is the request:

curl -X GET \
  http://localhost:8065/api/v4/users/me \
  -H 'Authorization: Bearer 4p7ip3wuujby7cfmeqb7718fhc' \
  -H 'Postman-Token: eac220fa-9208-427b-b76f-f048ba28908a' \
  -H 'cache-control: no-cache'

We tried to replicate this error but was unsuccessful. When you get the token from the /login API call, make sure you’re grabbing the MMAUTHTOKEN value:

Set-Cookie: MMAUTHTOKEN= rx6gfpbf1bgjtfbbstba7mz98r

If you are getting this value, make sure that it exists in the Session table by running this query:

SELECT * FROM sessions WHERE token='<MMAUTHTOKEN Value>';

If it exists there then it might be a bug in that version of Mattermost, so try upgrading. If it doesn’t exist there verify that the login call is returning the correct value.

Finally, you could also try creating a Personal Access token for that user, which can be used in place of the MMAUTHTOKEN value and won’t expire.

Adding X-Requested-With: XMLHttpRequest as header fixed the issue.