https://bugzilla.wikimedia.org/show_bug.cgi?id=45199
Tyler Romeo <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #3 from Tyler Romeo <[email protected]> --- (In reply to comment #2) > Under ideal circumstances I'd recommend this: > * drop all uses of token salt -- use the same token for all things in the > session > * return the token in the login response along with the session key > * have a single method for fetching the token (if using saved login cookies, > for instance) > > This should help simplify things. :) I'd agree with all except removing the salt. I'd prefer that the editing token not also work for creating accounts and deleting articles, but unfortunately I don't have too much of a reason because the reasons for giving per-request tokens in the browser interface don't apply to the API. -- You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
