KNOWLEDGE BASE
Log In    |    Knowledge Base    |    4D Home
Tech Tip: Avoid REST API Session Flooding
PRODUCT: 4D | VERSION: 20 | PLATFORM: Mac & Win
Published On: April 7, 2025

When using the 4D REST API, every successful authentication call to the $directory/login endpoint creates a session and returns a session cookie typically named WASID4D. Many developers encounter a common pitfall: if the client does not reuse this cookie across subsequent API calls, the server treats each request as a new login. This leads to the creation of multiple sessions and can quickly exhaust the maximum allowed active users.

Always ensure that your client, whether it's 4D Remote, Postman or another HTTP client, stores and automatically re-attaches the session cookie on every subsequent request.
This simple step is crucial to:

  • Maintain a single active session per user.
  • Prevent session overflows which could lead to errors like “maximum number of users reached”.
  • Optimize overall security and resource management on your 4D server.

Adopting this approach not only mitigates potential disruptions but also aligns your implementation with 4D’s recommendations for session management. By integrating proper cookie management into your API calls, you ensure a smoother, more efficient, and error-free interaction with the REST API moving forward.