||[Oct. 24th, 2006|02:32 am]
LiveJournal Client Discussions
I’m trying to get the cookie-based login thing to work here in ljKlient, and I saw that
sessiongenerate returns with
success\nOK even on an invalid password. Someone tell me I’m not seeing straight :)
I always thought that cookie-based login meant you used the cookies from the browser to auth?
In any case, sessiongenerate is semi-broken at the moment. I found that you need to take the cookie it gives you, and set it as ljmastersession. Then you also need to strip it down to uXXX:sYYY and set that as ljloggedin.
The server also does weird things if the cookie expires - I generally saw it go round in an infinite redirect loop.
I thought it was for just general use — you have a cookie generated for your client (of course you may steal a cookie from the installed browsers too, if you want to be cheeky…) when you log in with C/R (what else), and then you just use the cookie until you need to generate a new one. From what I saw (once I did get it to work), it’s even a faster way to authenticate than the C/R, and I would kind of expect it to strain both the client and the server a little less (even it it’s as trivial as two MD5 hashing).
I didn’t have to meddle with the cookie whatsoever — I sent back the whole thing, and it worked. I didn’t have to put it in
ljmastersession or anything like that… just send an
X-LJ-Auth and a
Cookie header, the latter with
ljsession=the_cookie_data. Where did you get this master session thing from, by the way? I didn’t see such mentioned in the protocol docs.
As for the last one: well, let’s hope the real livejournal.com server doesn’t :) Or let’s hope it does so they go and fix it? :P
Ah, I wasn't using that cookie for the client interface. I used it to do things like see friends-only entries, and found that setting ljsession=$cookie didn't work. I found out about ljmastersession and ljloggedin by watching what happened with an actual browser.
Didn't know about ljsessionfiltered, so will have to give that a go.