Page MenuHomePhabricator

Allow toggling of persistent cookies ("remember me") in API action=login
Closed, ResolvedPublic


Currently, the cookies set when logging in via the API are always persistent. It would be nice if ApiLogin.php took an optional boolean parameter to control this behavior and passed it along to LoginForm (via the wpRemember parameter).

This should be pretty easy to implement, I just don't feel like doing it just now and I'm not that familiar with the API internals anyway. I might do it sometime later if no-one else does it first.

Sort of related to bug 26538, but not really the same thing.

Version: 1.18.x
Severity: enhancement

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 11:14 PM
bzimport added a project: MediaWiki-API.
bzimport set Reference to bz26597.
bzimport added a subscriber: Unknown Object (MLST).

Reopening; r89537 caused test breakage and may not be correct.

Reverted in r89537 pending a better fix

Bryan.TongMinh wrote:

You can add an inverted boolean like nonpersistent=1 to fix this.

Perhaps something like

rememberme && rememberme =='0'

(or rememberme !== '0' ), depending on how overwriting/appending is done.

Change 265201 had a related patch set uploaded (by Anomie):
WIP: API changes for AuthManager

Change 265201 merged by jenkins-bot:
API changes for AuthManager

This is resolved now with the introduction of AuthManager, and specifically API action=clientlogin which uses the same backend code that the new SpecialUserLogin uses to do authentication.

There's no timeframe for when this will be available on WMF wikis, though, beyond "soon". The next step will be to resolve T110282, then a gradual deploy while watching for things to break.

Anomie claimed this task.

Change 289122 had a related patch set uploaded (by Gergő Tisza):
API changes for AuthManager

Change 289122 merged by jenkins-bot:
API changes for AuthManager