Add session information to incoming request

As stated here, “It is possible to inject information that is carried within the user session object into the header space as well”. Thus, we are trying to inject an incoming request with headers that will hold session information, in particular the four quota-related fields shown here: Token Session Object Details

What are our options to add those quota_* fields to headers?


Hello @emanuel_meriles , and welcome to the community! :partying_face:

I believe it the easiest way would be to use custom plugins and initiate the insertion script within the post_key_auth cycle or a post cycle that requires a session. The session object details would be available during this phase, so you could perform the necessary modifications to the headers there. There are a couple of plugin languages that allow this. Please peruse the list and select your choice. We have quick start examples you could start with. One of them Javascript Post-Auth might be of interest as I used that to run quick test of your requirement. A snippet of my modifications is shown below

  log('session.quota_max: ' + JSON.stringify(session.quota_max))
  log('session.quota_remaining: ' + JSON.stringify(session.quota_remaining))
  log('session.quota_renewal_rate: ' + JSON.stringify(session.quota_renewal_rate))
  log('session.quota_renews: ' + JSON.stringify(session.quota_renews))

  var headerKey = "X-JSVM-Custom-Header"
  request.SetHeaders[headerKey] = JSON.stringify(session.quota_remaining)

Alternatively, a very dirty hack would be to copy the values of the quota-related field to the key’s meta data and just use the $tyk_meta label to retrieve them in the transform header middleware. But you would have to be wary about updates to the key/session as those changes would not automatically traverse to the meta values.

If any other options popup, I’ll be sure to reply on this thread.