When our Next.js frontend calls protected endpoints on a Moqui backend, a brand-new session is created each time, even though we’re sending the saved moquiSessionToken
and the user is already logged in.
Steps to Reproduce
- Log in via the Next.js app (successfully stores
moquiSessionToken
inlocalStorage
). - Navigate around the UI so that it calls several backend endpoints (e.g., fetching user profile, channels, dashboard data).
- Inspect the backend logs (or database): you’ll see a new Moqui session created for every request, even though the same token is sent each time.
What we are Sending
GET /api/rest/s1/eyon/viewer/channel HTTP/1.1
Host: 127.0.0.1:3000
Accept: application/json
Content-Type: application/json
moquiSessionToken: JpPjySV2WSPVsk8jrwHd
Expected Behavior
- The backend should recognize the existing
moquiSessionToken
and reuse the associated session. - No new sessions should be created on subsequent requests.
Actual Behavior
- A new Moqui session is created on every API call, regardless of the
moquiSessionToken
header value. - User’s login state appears intact on the frontend, but backend session proliferation causes performance and storage issues.
What We’ve Tried
- Verifying that
moquiSessionToken
is correctly read fromlocalStorage
and added to every request. - Checking network logs: the header is present on each call.
- Testing with both
moquiSessionToken
header and Cookie-based sessions, same problem persists.
Questions
- Are we missing a configuration in Moqui to reuse sessions by token?
- Should we be sending something else (e.g. a session cookie) instead of
moquiSessionToken
? - Any tips on debugging Moqui’s session management to see why it’s ignoring our token?
Thanks in advance for any guidance!