--- univention-appcenter-control.new	2022-05-09 21:29:11.019970049 +0200
+++ univention-appcenter-control	2022-05-09 21:33:38.608857497 +0200
@@ -310,7 +310,8 @@
 
 	def __init__(self):
 		super(SelfserviceAction, self).__init__()
-		self._cookiejar = None
+		self._username = None
+		self._password = None
 
 	def setup_parser(self, parser):
 		try:
@@ -336,11 +337,8 @@
 			raise Abort('Unrecoverable result: %r' % result)
 
 	def _login(self, args):
-		username = self._get_username(args)
-		password = self._get_password(args)
-		self._cookiejar = NamedTemporaryFile()
-		result = self.curl(args, 'auth', username=username, password=password)
-		self._get_result(result)
+		self._username = self._get_username(args)
+		self._password = self._get_password(args)
 		result = self.command(args, 'api')
 		remote_api_level = self._get_result(result)
 		if remote_api_level != self.API_LEVEL:
@@ -368,17 +366,8 @@
 		if not args:
 			args.extend(['-X', 'POST'])
 			args.extend(['-H', 'Content-Length: 0'])
-		umc_session_id = None
-		with open(self._cookiejar.name) as cookie_file:
-			# hopefully, cookie jar format does not change with different libcurl versions...
-			for line in cookie_file:
-				match = re.match(r'(.*)\t(.*)\t(.*)\t(.*)\t(.*)\tUMCSessionId\t(.*)', line)
-				if match:
-					umc_session_id = match.groups()[-1]
-		if umc_session_id:
-			args.extend(['-H', 'X-Xsrf-Protection: %s' % umc_session_id])
 
-		args = ['curl', '--cookie', self._cookiejar.name, '--cookie-jar', self._cookiejar.name, '-H', 'X-Requested-With: XmlHttpRequest', '-H', 'Accept: application/json; q=1'] + args + [uri]
+		args = ['curl', '--basic', '--user', '%s:%s' % (self._username, self._password), '-H', 'X-Requested-With: XmlHttpRequest', '-H', 'Accept: application/json; q=1'] + args + [uri]
 		process = Popen(args, stdout=PIPE, stderr=PIPE)
 		out, err = process.communicate()
 		out, err = out.decode('UTF-8'), err.decode('UTF-8')
@@ -390,12 +379,12 @@
 			raise Abort('Unrecoverable Response')
 
 	def command(self, args, command, **kwargs):
-		if not self._cookiejar:
+		if not self._username:
 			self._login(args)
 		return self.curl(args, 'command/appcenter-selfservice/%s' % command, _command=True, **kwargs)
 
 	def upload(self, args, **kwargs):
-		if not self._cookiejar:
+		if not self._username:
 			self._login(args)
 		return self.curl(args, 'upload/appcenter-selfservice/upload', **kwargs)