Log in

No account? Create an account
LiveJournal Client Discussions [entries|archive|friends|userinfo]
LiveJournal Client Discussions

[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

Problem with sessiongenerate [Oct. 6th, 2006|10:46 pm]
LiveJournal Client Discussions


(x-posted to boggyb and lj_clients)

I'm having problems with sessiongenerate and the cookie it gives. Basically, I want to be able to log in using the client API and grab a session cookie. I then want to use that cookie elsewhere, in this case specifically for viewing friends-only entries that the user account has access to. The problem I'm getting is while the session cookie appears fine, it's not letting me in.

Code and details

Okay, here's what my code does. It's written in VB 6, but should be understandable if you don't know VB. Sensitive information has been replaced with ****.

First, I use the client interface to grab a session cookie. I know I should use digest auth, but for testing I can't be bothered (it's non-trivial in VB). This code also falls over spectacularly if an error occurs, but that's not the problem.

    Set whr = New WinHttpRequest
    whr.Option(WinHttpRequestOption_UserAgentString) = "LJread/0.1 (private development version, email tnmm20@**** for more details)"
    whr.Open "POST", "http://www.livejournal.com/interface/flat"
    whr.Send "mode=sessiongenerate&user=boggyb&password=" & InputBox("boggyb's password")
    sCookie = whr.ResponseText
    sCookie = Left$(sCookie, InStr(InStr(sCookie, vbLf) + 1, sCookie, vbLf) - 1)
    sCookie = Replace(sCookie, vbLf, "=")

sCookie now contains something like ljsession=v1:****//Thanks+for+signing+in+/+LiveJournal+loves+you+a+lot+/+Here+have+a+cookie

So far, so good. Next I try to grab a page with it, with code that looks something like this:

    whr.Open "GET", "http://www.livejournal.com/users/boggyb/116861.html?usescheme=lynx"
    whr.SetRequestHeader "Cookie", sCookie

That post is friends-only, and I am on my own friends list. I can see it in my friends page when logged in. What I should get is that post. What I actually get is a 403 Forbidden error.

Doing a bit more digging actually shows that my cookie's not being accepted on public posts. I set my journal options so everyone gets the banner (the "powered by lj" one), and if I go to a public post with that code I get the login boxes on that, showing that the cookie wasn't accepted. It's not NTL's proxy server meddling, as I edited an earlier post and the edit showed up. And Etheral shows that the cookie is actually being sent.

Ideas anyone? Is this a problem on my end, or is sessiongenerate broken?

[User Picture]From: xb95
2006-10-06 10:48 pm (UTC)
sessiongenerate doesn't really work anymore since we split the site out to use per-domain cookies. Look at what cookies LJ is setting and mimic them - you are going to have to go through the redirect stuff that we do on browsers in order to make it work.

Notably, the big thing missing is your "logged in" cookie, I forget the name of it. This logged in cookie is set on .livejournal.com so it works everywhere. Then when you visit a journal, they see you're logged in but don't have a domain session, so they bounce you back to www.livejournal.com to get the cookie.

But yeah, it's not working as expected...
(Reply) (Thread)
[User Picture]From: boggyb
2006-10-06 10:51 pm (UTC)
Ah, that explains it. I'll have a look with Etheral tomorrow, and see if I can code a workaround.
(Reply) (Parent) (Thread)