I authenticate in Postman by sending a POST request to an api endpoint (https) with my credentials included. The response sets two cookies.
Set-Cookie →atlassian.xsrf.token=AGH6-ZEXS-8CED-D3BW|96bac852b72xxx42042593f13axxxxe7f3ff1d5f|lout;path=/;Secure
Set-Cookie →JSESSIONID=8C53xxx0xxxx46B4A5201A68C098604DF08;path=/;Secure;HttpOnly
I click the 'Cookies' button in Postman and see that these two cookies are saved. When I now send a GET request to a secured page, I get authenticated and receive the expected response.
However, I need to do this programatically, so I try to set the cookies manually by adding a header to the request, using the same values I got in the original response.
Cookie: atlassian.xsrf.token=AGH6-ZEXS-8CED-D3BW|5xxxxxxxxba42582fb230ac7d7416e81204|lout;JSESSIONID=7AFxxxxxxxx27A461A01C193C57D
I also delete the cookies saved in Postman.
Now, my request gets redirected to a login-screen, as I apparently did not get authenticated.
What is the difference between my first and second GET request? How can I make sure the request is authenticated correctly?