I am facing an issue where I am getting a 401 response with message ‘Invalid or expired session, please login again’ when I hit the /users/me API. This is happening even if I am sending the bearer token which was genereate from the /login API.
We tried to replicate this error but was unsuccessful. When you get the token from the /login API call, make sure you’re grabbing the MMAUTHTOKEN value:
If you are getting this value, make sure that it exists in the Session table by running this query:
SELECT * FROM sessions WHERE token='<MMAUTHTOKEN Value>';
If it exists there then it might be a bug in that version of Mattermost, so try upgrading. If it doesn’t exist there verify that the login call is returning the correct value.
Finally, you could also try creating a Personal Access token for that user, which can be used in place of the MMAUTHTOKEN value and won’t expire.