Log in

No account? Create an account
Suddenly I realized something was wrong... - LiveJournal Client Discussions — LiveJournal [entries|archive|friends|userinfo]
LiveJournal Client Discussions

[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

Suddenly I realized something was wrong... [Jul. 26th, 2004|04:58 pm]
LiveJournal Client Discussions


[mood |stumped...]

I am stuck... Am working slowly but surely on my plan to interface livejournal with my website via php, and I suddenly realized that the xmlrpc method needs to be told who the viewer is... as of now, it only posts the most recent journal entry on my site: http://digitalsneeze.com/forums/ffb_ljsetup.php?uid=2 and it completely does not check if the reader is authorized to do so... that means if my last post is private, anyone can see it, but what i realize the only method around this is that when a user logs in to my site, it also logs in to livejournal, meaning it needs access to existing livejournal cookies and the ability to make new ones if i need to... Am I mistaken here? and if not, what do i do? Let me know what you guys think...


From: snej
2004-07-27 02:38 pm (UTC)

Re: hmmmm...

"what I was hoping was that there was some way to somehow query livejournal as to this computer's users lj name"

What's "this computer"? All you know about the machine the browser is running on is its IP address (which is not accurate if it's behind a NAT or proxy) and any cookies it's storing for your website. There's no way LJ could make anything meaningful out of that

"cause a cookie to be formed somehow, ie prompt livejournal to set a cookie on their computer"

But the only way that could happen is if their browser contacted LiveJournal directly. You don't seem to understand that your server being in the middle makes it a fundamentally different situation than the user's browser talking to LJ.

Cross-site authentication like what you're trying to do is, at this point in time, still in the domain of rocket science. Microsoft's Passport tried to do it. The Liberty Alliance has been working for years on a secure way to do it. It's not going to be a simple matter of using some cookies, unfortunately.
(Reply) (Parent) (Thread)
[User Picture]From: fbartho
2004-07-27 04:21 pm (UTC)


well see what you think i am describing clearly is in the realm of fiction at the moment and your point about the ip, is the reason why I put proxy in quotes, I guess the clearest version of what that whole cookies scenario was trying to accomplish was to somehow route the user to livejournal, have the cookie be set and retrieved by livejournal essentially transparently but my site would get the username data from that exchange and the transparent page would then redirect back to my site... hehehe... hmmmm... like I said its one of those things that i bet could be implemented relatively easily, but there would be little point for livejournal to do so, and it would probably not scale well taking up alot of time/computations for livejournal... So basically I follow exactly what you are saying, that you showed me in probably your first comment that my wishful thinking needed to be brought down to earth, and the rest of this is just me alternately whining/trying to explain what my wishful thinking would have liked... and since I'm wishing, I might as well ask for the cross-site logins to be implemented... :D

Thanks for the answers...
(Reply) (Parent) (Thread)