?

Log in

No account? Create an account
sessiongenerate - LiveJournal Client Discussions [entries|archive|friends|userinfo]
LiveJournal Client Discussions

[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

sessiongenerate [Oct. 24th, 2006|02:32 am]
LiveJournal Client Discussions

lj_clients
[ralesk]
[mood |curiouscurious]

Hi all!

I’m trying to get the cookie-based login thing to work here in ljKlient, and I saw that sessiongenerate returns with success\nOK even on an invalid password.  Someone tell me I’m not seeing straight :)

linkReply

Comments:
[User Picture]From: boggyb
2006-10-24 05:20 am (UTC)
I always thought that cookie-based login meant you used the cookies from the browser to auth?

In any case, sessiongenerate is semi-broken at the moment. I found that you need to take the cookie it gives you, and set it as ljmastersession. Then you also need to strip it down to uXXX:sYYY and set that as ljloggedin.

The server also does weird things if the cookie expires - I generally saw it go round in an infinite redirect loop.
(Reply) (Thread)
[User Picture]From: ralesk
2006-10-24 05:48 am (UTC)

I thought it was for just general use — you have a cookie generated for your client (of course you may steal a cookie from the installed browsers too, if you want to be cheeky…) when you log in with C/R (what else), and then you just use the cookie until you need to generate a new one.  From what I saw (once I did get it to work), it’s even a faster way to authenticate than the C/R, and I would kind of expect it to strain both the client and the server a little less (even it it’s as trivial as two MD5 hashing).

I didn’t have to meddle with the cookie whatsoever — I sent back the whole thing, and it worked.  I didn’t have to put it in ljmastersession or anything like that… just send an X-LJ-Auth and a Cookie header, the latter with ljsession=the_cookie_data.  Where did you get this master session thing from, by the way?  I didn’t see such mentioned in the protocol docs.

As for the last one: well, let’s hope the real livejournal.com server doesn’t :)  Or let’s hope it does so they go and fix it? :P

(Reply) (Parent) (Thread)
[User Picture]From: boggyb
2006-10-24 06:30 am (UTC)
Ah, I wasn't using that cookie for the client interface. I used it to do things like see friends-only entries, and found that setting ljsession=$cookie didn't work. I found out about ljmastersession and ljloggedin by watching what happened with an actual browser.

Didn't know about ljsessionfiltered, so will have to give that a go.
(Reply) (Parent) (Thread)