Every command in the LJ protocol requires a username/password, as far as I know. You should just need to ask the user once when they configure the client, then pass the stored authentication info in each command.

I'm not sure what your point is about "staying logged in". HTTP is a stateless protocol. If you used a cookie you'd have to pass it along with every command too.

What snej said. You can't really stay logged in with the client protocol. Although, there are two ways of sending in login information with a request:

1) using username and plain password
2) using username and MD5 digest of password

I highly recommend using option #2, as it's safer for the users than option #1, by a little bit at least.

Well, from a higher level perspective you're staying logged in. It's just that at the protocol level you have to re-authenticate every command. This is true of any HTTP based system, whether a web browser or XML-RPC service or whatever, because HTTP is explicitly and purposely stateless.

http://goathack.livejournal.org:8006/doc/server/ljp.csp.auth.challresp.html is probably the safest method to use right now, actually.

That doesn't work for the flat mode, right? He said he didn't want to use XML-RPC, and was using flat for speed.

Most clients use the flat mode, because it's a heckuva lot easier to just send HTTP requests than it is to figure out your language-of-choice's method of doing XML-RPC.

Works just fine for the flat protocol.

Well I'll be damned. I did a cursory inspection of the list of modes in LJ::do_request, but I didn't see it. I notice now that it's up above the username required area. Interesting.

Cool! Learn something new every day. I should code this into LochJournal.

Challenge-response definately works with the flat protocol; versions 0.09 and later of LJ::Simple implement it by default.

It just dawned on me as I came here to check for replies, that I can just login once, and then just keep that login info.

I was thinking that the username/password was calling the login mode each time for some reason.

I am using the md5hex password system. I looked at challenge/response, but it is another HTTP request/get, and hey, people use the website login with md5hex.

I'm thinking of building wxPython 2.5cvs so I can move to the wx namespace now rather than having to change everything later.....