https://bugzilla.wikimedia.org/show_bug.cgi?id=71638
Bug ID: 71638
Summary: API description of login action is misleading
Product: MediaWiki
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: trivial
Priority: Unprioritized
Component: API
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected],
[email protected], [email protected]
Web browser: ---
Mobile Platform: ---
The help for action=login says
"Log in and get the authentication tokens. In the event of a successful log-in,
a cookie will be attached to your session. ..."
In fact, the first API result contains ONE token, and then if you provide this
token and login is successful, you get a sessionid back in the API response,
and the HTTP response header sets three cookies:
<cookieprefix>UserID
<cookieprefix>UserName
<cookieprefix>Token, set to the sessionid in the API result
these all expire in a month, none is a session cookie.
A better description for includes/api/ApiLogin.php might be
Log in and get sessionid and browser cookies.
A successful login returns a session ID and its HTTP response header sets
wiki cookies identifying the user.
...
Even this might vary with wiki configuration.
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
