Security When Using a blank App from Javascript

I have a blank app that responds with json data from the db. I’m calling this from another SC app that has a 3rd party widget with Ajax.

When security is not switched on, it works fine. When I switch on security, the widget gets the unauthorized message.

I troubleshot by logging into the main app, getting the session id and manually placing “?script_case_session=[sessionid]&…” directly into the URL but it gives the same error.

I need help fixing this.

SOS anyone?

A possible workaround is to disable security in this blank, and check for some kind of security from your own code

I tried by checking isset([usr_login]) as created by the generated login app but it didn’t work even when I had logged in. That’s when I started fiddling with passing script_case_session manually in the get parameters but still couldn’t get it to work.