Cookie generation and handling [Jul. 24th, 2004|02:14 pm]
LiveJournal Client Discussions

lj_clients

[talisker]
[mood | confused]

I'm playing with the source code of LJ.NET these days. I noticed that every communication with the LJ server uses cleartext auth, which isn't the best thing in the world. I'd like to switch over to cookie-based auth, but I'm having a problem.

From what I read of the API spec, any successful login should set an ljsession cookie - which defaults to a session cookie which is erased once the browser (or client) is closed. In C#, I can keep that as a static var that I can use for all the communication requests, no problem. The only problem is that I'm never getting that cookie. My login works fine, but the only cookie I receive after a successful login is ljuniq.

Am I doing something wrong? If anybody can help me on this one, I'd be mighty thankful.

Comments:
From: vanbeast
2004-07-24 08:47 am (UTC)
Use the sessiongenerate method: http://www.livejournal.com/doc/server/ljp.csp.xml-rpc.sessiongenerate.html

You could also use challenge/response auth, which might be a little bit safer (i.e., can't sniff a session cookie out of the transfers). There are other downsides, though... for instance, you'll need ready access to something that can return a hex-encoded MD5 of a string. I had to write my own, as I couldn't find anything that did that already.

From: talisker
2004-07-24 08:58 am (UTC)
Thanks! Is sessiongenerate only available in the XML-RPC interface, or is it available in the flat?

From: vanbeast
2004-07-24 09:13 am (UTC)
It's only documented in the XML-RPC interface, but it may work in the flat as well.

I'll take this as an indication that LJ.NET uses the flat? I've been looking for an example of an XML-RPC client in C#... LiveJournal's return structs are kinda funky and I'm having problems fitting them into the Cook Computing XML-RPC lib (which is the only one worth a damn I've found).

From: fg
2004-07-24 09:17 am (UTC)
you have to modify the cook computing lib to get it to work with livejournal - livejournal does some 'creative' type casting that you have to account for.

after you do, it's very reliable.

check out ljArchive if you want to see an example client. the 'Engine' project has a bunch of xml structs for lj params and responses, and the 'xmlrpc' library is a modified version of Cook Computing's xmlrpc library that talks to lj.

From: vanbeast
2004-07-24 09:20 am (UTC)
Excellent! Thank you! I've been working on a few little utilities... not a full client, but a set of small tools.. a friends list editor, console client, etc... just haven't been able to get the damn thing to talk to the server :)

ljArchive, btw, is badass. Been playing with it all day.

From: fg
2004-07-24 09:38 am (UTC)
glad you like it!

you should post info on your tools here, too, when they're ready.

From: fg
2004-07-24 09:07 am (UTC)
if you're using .NET, md5 is easy:


using System;
using System.Security.Cryptography;
using System.Text;

internal class MD5Hasher
{
	/// <summary>
	/// This is a static class.
	/// </summary>
	private MD5Hasher() {}

	static MD5Hasher()
	{
		md5 = new MD5CryptoServiceProvider();
	}

	// Returns the MD5 digest of plainText as 32 lowercase hex characters.
	static public string Compute(string plainText)
	{
		// Encoding.ASCII replaces any non-ASCII character with '?' before hashing.
		byte[] plainTextBytes = Encoding.ASCII.GetBytes(plainText);
		byte[] hashBytes = md5.ComputeHash(plainTextBytes);
		StringBuilder sb = new StringBuilder();
		foreach (byte hashByte in hashBytes)
			sb.Append(Convert.ToString(hashByte, 16).PadLeft(2, '0'));
		return sb.ToString();
	}

	// Shared hasher instance; instance members are not guaranteed to be thread-safe.
	static private MD5CryptoServiceProvider md5;
}

From: vanbeast
2004-07-24 09:11 am (UTC)
That's pretty damn close to what I did:

public static string Md5Hex( string input ) {
	MD5 hasher = new MD5CryptoServiceProvider();
	StringBuilder output = new StringBuilder( 32 );
	byte[] hashArray, inputArray;

	inputArray = Encoding.ASCII.GetBytes( input );
	hashArray = hasher.ComputeHash( inputArray );

	for (int i = 0; i < hashArray.Length; i++) {
		output.Append( String.Format( "{0:x2}", hashArray[i] ) );
	}

	return output.ToString();
}

From: vanbeast
2004-07-24 09:13 am (UTC)
wow, why the hell didn't I do foreach?

From: ignite
2004-07-24 02:53 pm (UTC)
thank you!
I have been messing around with stuff to keep from having to use plain text and I was getting things encrypted but I could not get the output back into the correct byte string. I had no idea about the stringbuilder class. I have no doubt that you solved my problem.
Thanks again, kind coder.

Kyle
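
The challenge/response exchange vanbeast mentions, sketched from both sides as an added example (not code from LJ.NET, ljArchive or anyone in this thread). The response formula MD5hex(challenge + MD5hex(password)) comes from LiveJournal's protocol documentation rather than from this thread and is treated as an assumption; the server half (IssueChallenge, Verify, the random challenge format) and the UTF-8 encoding are hypothetical stand-ins.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class ChallengeResponseDemo
{
    static string Hex(byte[] b) => BitConverter.ToString(b).Replace("-", "").ToLowerInvariant();
    // Hex-encoded MD5 of a string. UTF-8 is an assumption; it equals ASCII for ASCII-only input.
    static string Md5Hex(string s)
    {
        using (MD5 md5 = MD5.Create())
            return Hex(md5.ComputeHash(Encoding.UTF8.GetBytes(s)));
    }

    // Client side (assumed formula): only the challenge and this value cross the wire.
    static string ClientResponse(string challenge, string password) => Md5Hex(challenge + Md5Hex(password));

    // Hypothetical server side: challenges issued and not yet answered.
    static readonly HashSet<string> Outstanding = new HashSet<string>();
    static string IssueChallenge()
    {
        byte[] nonce = new byte[16];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create()) rng.GetBytes(nonce);
        string challenge = Hex(nonce);
        Outstanding.Add(challenge);
        return challenge;
    }

    static bool Verify(string challenge, string response, string storedMd5OfPassword)
    {
        if (!Outstanding.Remove(challenge)) return false;   // unknown or already-used challenge
        string expected = Md5Hex(challenge + storedMd5OfPassword);
        int diff = expected.Length ^ response.Length;       // compare without an early exit
        for (int i = 0; i < expected.Length && i < response.Length; i++) diff |= expected[i] ^ response[i];
        return diff == 0;
    }

    static void Main()
    {
        string pw = "constructed-sample-password";          // constructed value, not a real credential
        string stored = Md5Hex(pw);
        string c = IssueChallenge();
        string r = ClientResponse(c, pw);
        Console.WriteLine(Verify(c, r, stored));                  // first use of a fresh challenge
        Console.WriteLine(Verify(c, r, stored));                  // same captured pair sent again
        Console.WriteLine(Verify(IssueChallenge(), r, stored));   // old response against a new challenge
    }
}
```

In this scheme the stored MD5hex(password) is by itself enough to compute valid responses, so it needs the same protection as the password. The exchange protects only the login step, not the requests that follow it.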