When the service runs as an authenticated user, the external application sending the
request must include the username and password of an Operator ID in the request. The
external application can send these values either in an HTTP header, or appended to the URL
as name/value pairs for the parameters
Password. The value of the password must be base64-encoded.
When the session state in a service package is set to
service returns a cookie in the response with the Set-Cookie HTTP header. The cookie
contains the Requestor ID of the requestor that processed the first request, with the prefix
"PegaRULES." For another request to access the same session data, the external application
must include the PegaRULES cookie in the header of that request.
Custom cookies and stateful sessions
A response can contain only one Set-Cookie header. If a Set-Cookie is set in the data mapping on the Response tab, the Pega Platform does not set the PegaRULES cookie for you. So if the services run in a stateful session and you need to return custom cookies, your rules are also responsible for constructing the PegaRULES cookie.
Create the cookie string by concatenating all the cookies to be sent, including the
PegaRULES cookie, into one string. The value of the PegaRULES cookie must be the requestor
ID. For example:
Get the value of the requestor ID from the
page, which is always present on the clipboard. This can be
accomplished either by having the service activity set a clipboard property, or through a
Rule-Utility-Function. Then, use the Response tab to configure a
header that contains the string with the values of all the