[May. 2nd, 2005|11:19 pm]
Quick question about cookie authentication and posting:

Does it matter if I just delete the cookie on the computer instead of calling the sessionexpire mode? Or am I supposed to 'log out' to delete the reference to it on the server? And with setting 'expiration' to short or long - just how long is short or long?

From: marksmith
2005-05-02 10:28 pm (UTC)
Short is 24 hours, Long is 30 days. I would recommend using sessionexpire if there's a convenient point to do so. The system will automatically clean up old sessions on your behalf, but it's a safety thing -- if the session doesn't exist, nobody can hijack it!

As for posting -- you don't need sessiongenerate to post entries. It's designed to give you a cookie so that you can use it with other pages that require a logged in and valid session cookie, such as the export comments interface.

From: int
2005-05-03 01:49 am (UTC)
Yeah, hijacking is what I was thinking of.

I make an LJ client for Firefox - the idea was that you could log in via the client and it could copy the cookie (it seems identical for the site) received to .livejournal.com, so you could be automatically logged into the site while the client is logged in.
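
The difference the thread discusses between deleting the cookie locally and expiring the session on the server, as an added example that is not part of the original thread and is not LiveJournal's code. The `SessionStore` class, its method names and the user name are hypothetical; only the 24-hour and 30-day lifetimes come from the reply above.

```python
import secrets

# Lifetimes as stated in the thread: short = 24 hours, long = 30 days.
LIFETIMES = {"short": 24 * 3600, "long": 30 * 24 * 3600}


class SessionStore:
    """Toy in-memory model of a server-side session table (hypothetical)."""

    def __init__(self):
        self._sessions = {}  # token -> (user, expires_at)

    def generate(self, user, expiration, now):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, now + LIFETIMES[expiration])
        return token

    def validate(self, token, now):
        entry = self._sessions.get(token)
        if entry is None or now >= entry[1]:
            return None
        return entry[0]

    def expire(self, token):
        """Explicit logout: the token is useless from this moment on."""
        return self._sessions.pop(token, None) is not None

    def cleanup(self, now):
        """Periodic sweep of sessions past their lifetime."""
        stale = [t for t, (_, exp) in self._sessions.items() if now >= exp]
        for t in stale:
            del self._sessions[t]
        return len(stale)


def exposure_window(store, token, start, step=3600, limit=40 * 24 * 3600):
    """Seconds during which a copy of `token` is still accepted by the server."""
    elapsed = 0
    while elapsed < limit and store.validate(token, start + elapsed):
        elapsed += step
    return elapsed


def demo():
    store, now = SessionStore(), 0  # constructed clock, starts at 0
    deleted_locally = store.generate("alice", "long", now)  # cookie removed, no logout
    logged_out = store.generate("alice", "long", now)
    store.expire(logged_out)  # explicit server-side expiry
    return (exposure_window(store, deleted_locally, now),
            exposure_window(store, logged_out, now))
```

`demo()` returns the number of seconds a copied token stays valid in each case: the full 30 days when only the local cookie is deleted, and zero after an explicit expire.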
