?

Log in

No account? Create an account
Keeping logged in (cookies?) - LiveJournal Client Discussions — LiveJournal [entries|archive|friends|userinfo]
LiveJournal Client Discussions

[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

Keeping logged in (cookies?) [Mar. 22nd, 2004|09:30 am]
LiveJournal Client Discussions
lj_clients
[sej7278]
I'm writing a Livejournal client as a way to evaluate cross-platform wxWidgets support in Python (would use PyQt if it weren't for the stupid Windows licensing issues).

I've managed to get logged in (even through a proxy) and retrieve a communities list (docs say "shared journal" or "friend groups"?) and wrapped a MDI GUI around it, done login error handling, welcome message etc.

I'm using the flat protocol at the moment, as after years of using XML-RPC as a Web Developer, I've decided it's pretty pointless for small amounts of data (and hey, it's too much of a buzzword for me!)

Now, I'm just about to start on the getfriends mode, but see that you've got to pass username and password with each mode.

As I don't want to have a login process (with error checking etc.) with each mode, is there a way you can stay logged in? I noticed in the HTTP headers we're getting a cookie back, how do we pass this back to LJ?
linkReply

Comments:
From: ex_snej373
2004-03-22 10:22 am (UTC)
Every command in the LJ protocol requires a username/password, as far as I know. You should just need to ask the user once when they configure the client, then pass the stored authentication info in each command.

I'm not sure what your point is about "staying logged in". HTTP is a stateless protocol. If you used a cookie you'd have to pass it along with every command too.
(Reply) (Thread)
[User Picture]From: marksmith
2004-03-22 10:33 am (UTC)
What snej said. You can't really stay logged in with the client protocol. Although, there are two ways of sending in login information with a request:

1) using username and plain password
2) using username and MD5 digest of password

I highly recommend using option #2, as it's safer for the users than option #1, by a little bit at least.
(Reply) (Parent) (Thread)
From: ex_snej373
2004-03-22 10:36 am (UTC)
Well, from a higher level perspective you're staying logged in. It's just that at the protocol level you have to re-authenticate every command. This is true of any HTTP based system, whether a web browser or XML-RPC service or whatever, because HTTP is explicitly and purposely stateless.
(Reply) (Parent) (Thread)
[User Picture]From: jproulx
2004-03-22 10:55 am (UTC)
http://goathack.livejournal.org:8006/doc/server/ljp.csp.auth.challresp.html is probably the safest method to use right now, actually.
(Reply) (Parent) (Thread)
[User Picture]From: marksmith
2004-03-22 11:06 am (UTC)
That doesn't work for the flat mode, right? He said he didn't want to use XML-RPC, and was using flat for speed.

Most clients use the flat mode, because it's a heckuva lot easier to just send HTTP requests than it is to figure out your language-of-choice's method of doing XML-RPC.
(Reply) (Parent) (Thread)
[User Picture]From: jproulx
2004-03-22 11:09 am (UTC)
Works just fine for the flat protocol.
(Reply) (Parent) (Thread)
[User Picture]From: marksmith
2004-03-22 11:19 am (UTC)
Well I'll be damned. I did a cursory inspection of the list of modes in LJ::do_request, but I didn't see it. I notice now that it's up above the username required area. Interesting.

Cool! Learn something new every day. I should code this into LochJournal.
(Reply) (Parent) (Thread)
[User Picture]From: simonb
2004-03-22 03:03 pm (UTC)
Challenge-response definately works with the flat protocol; versions 0.09 and later of LJ::Simple implement it by default.
(Reply) (Parent) (Thread)
From: sej7278
2004-03-22 11:28 am (UTC)
It just dawned on me as I came here to check for replies, that I can just login once, and then just keep that login info.

I was thinking that the username/password was calling the login mode each time for some reason.

I am using the md5hex password system. I looked at challenge/response, but it is another HTTP request/get, and hey, people use the website login with md5hex.

I'm thinking of building wxPython 2.5cvs so I can move to the wx namespace now rather than having to change everything later.....
(Reply) (Thread)