Log in

No account? Create an account
LiveJournal Client Discussions [entries|archive|friends|userinfo]
LiveJournal Client Discussions

[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

sessiongenerate [Oct. 24th, 2006|02:32 am]
LiveJournal Client Discussions


[mood |curiouscurious]

Hi all!

I’m trying to get the cookie-based login thing to work here in ljKlient, and I saw that sessiongenerate returns with success\nOK even on an invalid password.  Someone tell me I’m not seeing straight :)


[User Picture]From: ralesk
2006-10-24 09:48 am (UTC)

I thought it was for just general use — you have a cookie generated for your client (of course you may steal a cookie from the installed browsers too, if you want to be cheeky…) when you log in with C/R (what else), and then you just use the cookie until you need to generate a new one.  From what I saw (once I did get it to work), it’s even a faster way to authenticate than the C/R, and I would kind of expect it to strain both the client and the server a little less (even it it’s as trivial as two MD5 hashing).

I didn’t have to meddle with the cookie whatsoever — I sent back the whole thing, and it worked.  I didn’t have to put it in ljmastersession or anything like that… just send an X-LJ-Auth and a Cookie header, the latter with ljsession=the_cookie_data.  Where did you get this master session thing from, by the way?  I didn’t see such mentioned in the protocol docs.

As for the last one: well, let’s hope the real livejournal.com server doesn’t :)  Or let’s hope it does so they go and fix it? :P

(Reply) (Parent) (Thread)
[User Picture]From: boggyb
2006-10-24 10:30 am (UTC)
Ah, I wasn't using that cookie for the client interface. I used it to do things like see friends-only entries, and found that setting ljsession=$cookie didn't work. I found out about ljmastersession and ljloggedin by watching what happened with an actual browser.

Didn't know about ljsessionfiltered, so will have to give that a go.
(Reply) (Parent) (Thread)