||[Oct. 24th, 2006|02:32 am]
LiveJournal Client Discussions
I’m trying to get the cookie-based login thing to work here in ljKlient, and I saw that
sessiongenerate returns with
success\nOK even on an invalid password. Someone tell me I’m not seeing straight :)
I thought it was for just general use — you have a cookie generated for your client (of course you may steal a cookie from the installed browsers too, if you want to be cheeky…) when you log in with C/R (what else), and then you just use the cookie until you need to generate a new one. From what I saw (once I did get it to work), it’s even a faster way to authenticate than the C/R, and I would kind of expect it to strain both the client and the server a little less (even it it’s as trivial as two MD5 hashing).
I didn’t have to meddle with the cookie whatsoever — I sent back the whole thing, and it worked. I didn’t have to put it in
ljmastersession or anything like that… just send an
X-LJ-Auth and a
Cookie header, the latter with
ljsession=the_cookie_data. Where did you get this master session thing from, by the way? I didn’t see such mentioned in the protocol docs.
As for the last one: well, let’s hope the real livejournal.com server doesn’t :) Or let’s hope it does so they go and fix it? :P
Ah, I wasn't using that cookie for the client interface. I used it to do things like see friends-only entries, and found that setting ljsession=$cookie didn't work. I found out about ljmastersession and ljloggedin by watching what happened with an actual browser.
Didn't know about ljsessionfiltered, so will have to give that a go.