.. include:: ../Includes.txt
.. _authentication_cookies:
============
Cookies
============
How to authenticate a user using the TYPO3 frontend user cookie
---------
When you log in as a frontend user, TYPO3 will automatically set a cookie named ``fe_typo_user`` containing
a session ID to identify the user. In a standard TYPO3 website, this cookie is sent with every subsequent request.
The same applies to AJAX-requests you make from JavaScript. As long as your frontend application and your REST Api are
hosted on the same domain, things should run pretty smooth.
Using the fe_typo_user-cookie on same domain
---------
If your frontend application is running under the same domain that the Api is located on, there is really
not much to pay attention to.
Simply send your credentials in a POST-request to the endpoint
``https://www.mywebsite.com/api/auth``. This endpoint is part of the nnrestapi extension.
.. code-block:: php
// POST this to https://www.mywebsite.com/api/auth
{"username":"john", "password":"xxxx"}
TYPO3 will respond with information about the user. TYPO3 will also send a cookie named ``fe_typo_user`` containing
a session ID. This cookie will automatically be set in the browser and passed back to the server in your next request.
Here is a full script to test cookie based authentication. Please upload it to the **same domain** that your
application is located on.
.. tabs::
.. tab:: axios
.. code-block:: html
nnrestapi Demo with axios and cookies
.. tab:: pure JS
.. code-block:: html
nnrestapi Demo with cookie based authentication
Cross domain fe_typo_user-cookie
---------
For cross domain requests, e.g. if your backend is running on a different server than your application or
you are connection from a localhost environment to a remote server, using cookies will get complicated.
In this case, we would recommend using one of the other methods for authentication: :ref:`HTTP basic auth `
or :ref:`JSON Web Tokens `.