Sessions are not officially supported. You might as well just to include credentials with all calls.
On Sat, Apr 11, 2009 at 18:57, Adrian <spiritpo...@gmail.com> wrote: > > Hi, on my client, if I run GET request, I'll have to authenticate but > after that all other GETs don't require authentication. Then, as soon > as there is a POST, I will have to re-authenticate. I'd prefer the > server just accepted the POST request as part of the session from the > already authenticated user and didn't reask for credentials. See > headers below: GET Request > Authenticate > POST Request > Fail > > > > > http://twitter.com/account/verify_credentials.json?callback=jsonp1239486621989&_=1239493435268 > > GET /account/verify_credentials.json? > callback=jsonp1239486621989&_=1239493435268 HTTP/1.1 > Host: twitter.com > User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: > 1.9.0.8) Gecko/2009032609 Firefox/3.0.8 > Accept: */* > Accept-Language: en-us,en;q=0.5 > Accept-Encoding: gzip,deflate > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > Keep-Alive: 300 > Connection: keep-alive > Authorization: Basic ZGVzbWlkaXNvOmd3dHdnd3R3 > > HTTP/1.x 200 OK > Date: Sat, 11 Apr 2009 23:44:15 GMT > Server: hi > Last-Modified: Sat, 11 Apr 2009 23:44:15 GMT > Status: 200 OK > Etag: "a69811ab820044f3fcad85ed061bb512"-gzip > Pragma: no-cache > Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post- > check=0 > Content-Type: application/json; charset=utf-8 > Expires: Tue, 31 Mar 1981 05:00:00 GMT > X-Revision: 0d279c956b77447dc8b68179a828f0d93a6e93e3 > X-Transaction: 1239493455-52742-21090 > Set-Cookie: lang=; path=/ > Set-Cookie: > _twitter_sess=BAh7CToJdXNlcmkEKCLNAToTcGFzc3dvcmRfdG9rZW4iLWFkNmEzZGQzMzli > > %250AOGRiZTE5YmViNTFlYzAwODZhYjRhZjE3NGY1OTE6B2lkIiU4MjAwYTFmYTA5%250AM2I4ZWUxYTEzNmJlOTQ4NmZlNzgzOCIKZmxhc2hJQzonQWN0aW9uQ29udHJv > %250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D-- > b68d85bbacedd2a15c46152c514ac78fc30c1873; domain=.twitter.com; path=/ > Vary: Accept-Encoding > Content-Encoding: gzip > Content-Length: 491 > Connection: close > > ------------ > https://twitter.com/statuses/update.xml > > POST /statuses/update.xml HTTP/1.1 > Host: twitter.com > User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: > 1.9.0.8) Gecko/2009032609 Firefox/3.0.8 > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/ > *;q=0.8 > Accept-Language: en-us,en;q=0.5 > Accept-Encoding: gzip,deflate > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > Keep-Alive: 300 > Connection: keep-alive > Content-Type: application/x-www-form-urlencoded > Content-Length: 53 > source=Twitya&in_reply_to_status_id=&status=Hello+God > HTTP/1.x 401 Unauthorized > Date: Sat, 11 Apr 2009 23:47:38 GMT > Server: hi > Status: 401 Unauthorized > WWW-Authenticate: Basic realm="Twitter API" > Cache-Control: no-cache, max-age=1800 > Content-Type: application/xml; charset=utf-8 > Set-Cookie: > _twitter_sess=BAh7BzoHaWQiJTc2OGQzNGEzNzlhNWYyNjliNTI1NDIzZTYxYmU4ZjkyIgpm > %250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG > %250AOgpAdXNlZHsA--546494cea99c2f48565af4f437ae265f04ed6bc6; > domain=.twitter.com; path=/ > Expires: Sun, 12 Apr 2009 00:17:38 GMT > Vary: Accept-Encoding > Content-Encoding: gzip > Content-Length: 135 > Connection: close > > -- Abraham Williams | http://the.hackerconundrum.com Hacker | http://abrah.am | http://twitter.com/abraham Web608 | Community Evangelist | http://web608.org This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, Wisconsin, United States