Custom login to app

I have a problem because I want to be able to log in to the application via e-mail or telephone number. I made a microflow that downloads from the database the account that has a given email or phone number and then wants to log this person in via java actions. My error is: I got around this mistake by entering java login immediately, but then I have this error: And it looks like I have not logged in to the user. Code in Java:
1 answers

Please make sure this is what you actually what to do. Logging someone in based solely on their email or phone number sounds like a big security flaw.

In order for this to work, you need to send the session cookies back to the user. Here’s a Java action that does this. It takes a username, creates a session for that user, and then sets cookies to be returned to the user’s browser.

For posterity, here’s the source code:

// This file was generated by Mendix Modeler.
// WARNING: Only the following code will be retained when actions are regenerated:
// - the import list
// - the code between BEGIN USER CODE and END USER CODE
// - the code between BEGIN EXTRA CODE and END EXTRA CODE
// Other code you write will be lost the next time you deploy the project.
// Special characters, e.g., é, ö, à, etc. are supported in comments.

package myfirstmodule.actions;

import com.mendix.core.Core;
import com.mendix.m2ee.api.IMxRuntimeRequest;
import com.mendix.m2ee.api.IMxRuntimeResponse;
import com.mendix.systemwideinterfaces.core.IContext;
import com.mendix.webui.CustomJavaAction;
import system.proxies.TokenInformation;
import com.mendix.systemwideinterfaces.core.ISession;
import com.mendix.systemwideinterfaces.core.IUser;

public class SetSessionData extends CustomJavaAction<java.lang.Boolean>
	private java.lang.String Username;

	public SetSessionData(IContext context, java.lang.String Username)
		this.Username = Username;

	public java.lang.Boolean executeAction() throws Exception
		IContext ctx = getContext();
		IUser user = Core.getUser(ctx, this.Username);
		if (user != null) {
			ISession session = Core.initializeSession(user, null);
			// get the response object
			if (ctx.getRuntimeResponse().isPresent()) {
				IMxRuntimeResponse res = ctx.getRuntimeResponse().get();
				setCookies(res, session); // set xassessionid and xasid cookies
				return true;


		return false;


	 * Returns a string representation of this action
	public java.lang.String toString()
		return "SetSessionData";

	private void setCookies(IMxRuntimeResponse response, ISession session) {
		response.addCookie("XASSESSIONID", session.getId().toString(), "/", "", -1, true);
		response.addCookie("XASID", "0." + Core.getXASId(), "/", "", -1, true);