Once the caller has been Authenticated and Authorized, it is issued a session token cookie named CamApiSessionId. A typical cookie looks like:

    Set Cookie: CamApiSessionId=tgqHpRA2H_ja7fwd3NBfuFXwTCEJ8kWVAbqMUehHpI4JYHkuJCQVll7YO3ld1PUO69PeQyAyRm4q1gOmXvFqsQ; Max Age=1800; Domain=srv01.my.com; Path=/cam/api/; HttpOnly; Secure

It is not recommended to write custom code to handle the cookie, as there are many ways to inadvertently create a security hole. Instead, leverage an existing, trusted library with secure cookie handling. For example, in the .NET Framework cookies can be handled securely with a CookieContainer:

// Use the same CookieContainer instance for all calls.
var cookieContainer = new CookieContainer();
handler.CookieContainer = cookieContainer;
var client = new HttpClient(handler);

Once a session token is issued, be sure to reuse it for all requests. Not doing so will cause the server to create a new session for each request, which will adversely affect performance.

Every time a request is made using a session token, the token’s life is extended. The response will include a new Set-Cookie header which reflects the refreshed cookie lifetime.