Bug
Resolution: Done
Major
6.1.0
None
Description of problem:
If we are logged in to Business Central and use the same session to access the REST API from the browser, the session is invalidated and we have to log in to Business Central again.
Version-Release number of selected component (if applicable):
How reproducible:
always
Steps to Reproduce:
1. Log in to Business Central;
2. Open a new browser tab;
3. Reach some endpoint of the REST API, for example, the task query:
http://localhost:8080/business-central/rest/task/query?taskOwner=owner
4. Now try to access Business Central at http://localhost:8080/business-central/
Actual results:
You will be logged out and will be required to log in again.
Expected results:
It should keep the session.
Additional info:
It seems it ignores the original cookie and asks for authentication again, making the browser remove the original auth cookie. Perhaps before invoking org.uberfire.ext.security.server.BasicAuthSecurityFilter we could have some mechanism to check if the user is already logged in, or check in this filter whether the user is logged in, but I guess this would break the desirable stateless behavior of this filter.
So perhaps the solution is simply to document that this is expected behavior?
If we log in one time to Business Central and try to access the REST API, it will work the first time; the second time it will ask for Basic auth credentials. Something is messing up the authentication.
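
One way to implement the check suggested under "Additional info", as an added example that is not the project's code and not the eventual fix: a servlet filter that lets an already authenticated browser session through, falls back to Basic auth otherwise, and invalidates only sessions created during the request. The class name `SessionAwareBasicAuthFilter`, the realm string, and the use of container-managed authentication (`getUserPrincipal`, `login`) are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter; NOT org.uberfire.ext.security.server.BasicAuthSecurityFilter.
public class SessionAwareBasicAuthFilter implements Filter {
    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Look up the session without creating one, so we know who owns it later.
        HttpSession existing = req.getSession(false);
        try {
            if (req.getUserPrincipal() != null || basicAuthOk(req)) {
                chain.doFilter(req, res);
            } else {
                res.setHeader("WWW-Authenticate", "Basic realm=\"rest\""); // assumed realm
                res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            }
        } finally {
            // Stay stateless for Basic-only callers: drop a session only if this
            // request created it. A pre-existing UI session is left untouched.
            HttpSession now = req.getSession(false);
            if (existing == null && now != null) now.invalidate();
        }
    }

    // Parses "Authorization: Basic base64(user:password)" and asks the container to log in.
    private boolean basicAuthOk(HttpServletRequest req) {
        String h = req.getHeader("Authorization");
        if (h == null || !h.regionMatches(true, 0, "Basic ", 0, 6)) return false;
        try {
            String[] up = new String(Base64.getDecoder().decode(h.substring(6).trim()),
                    StandardCharsets.UTF_8).split(":", 2);
            if (up.length != 2) return false;
            req.login(up[0], up[1]); // throws ServletException on bad credentials
            return true;
        } catch (IllegalArgumentException | ServletException e) {
            return false; // malformed base64 or rejected credentials
        }
    }
}
```

Accepting the UI session cookie on REST endpoints makes them reachable by cross-site requests from the logged-in browser, so state-changing endpoints then need CSRF protection.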