API description of login action is misleading
Closed, Resolved (Public)

Description

The help for action=login says
"Log in and get the authentication tokens. In the event of a successful log-in, a cookie will be attached to your session. ..."

In fact, the first API result contains ONE token, and then if you provide this token and login is successful, you get a sessionid back in the API response, and the HTTP response header sets three cookies:

<cookieprefix>UserID
<cookieprefix>UserName
<cookieprefix>Token, set to the sessionid in the API result

These all expire in a month; none is a session cookie.

A better description for includes/api/ApiLogin.php might be

Log in and get sessionid and browser cookies.
A successful login returns a session ID and its HTTP response header sets wiki cookies identifying the user.
...

Even this might vary with wiki configuration.


Version: unspecified
Severity: trivial
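
An added example (not part of the original report and not MediaWiki's own code): a Python check that classifies the Set-Cookie headers of a login response as session or persistent cookies and compares each value with the sessionid in the API body. The prefix `examplewiki`, the JSON shape and all header values are constructed to mirror the description above.

```python
import json
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample data: prefix, values and dates are illustrative only.
PREFIX = "examplewiki"
API_BODY = '{"login": {"result": "Success", "sessionid": "0123456789abcdef"}}'
RECEIVED = datetime(2014, 11, 22, 3, 44, tzinfo=timezone.utc)
SET_COOKIE = [
    "examplewikiUserID=42; expires=Mon, 22 Dec 2014 03:44:00 GMT; path=/; httponly",
    "examplewikiUserName=Example; expires=Mon, 22 Dec 2014 03:44:00 GMT; path=/; httponly",
    "examplewikiToken=0123456789abcdef; expires=Mon, 22 Dec 2014 03:44:00 GMT; path=/; httponly",
]

def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, lower-cased attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, value, attrs

def lifetime(attrs, received):
    """Return None for a session cookie, else how long the cookie persists."""
    if "max-age" in attrs:  # Max-Age takes precedence over Expires
        return timedelta(seconds=int(attrs["max-age"]))
    if "expires" in attrs:
        return parsedate_to_datetime(attrs["expires"]) - received
    return None

def audit_login(api_body, headers, prefix, received):
    """Report persistence and sessionid reuse for each prefixed cookie."""
    sessionid = json.loads(api_body)["login"]["sessionid"]
    report = {}
    for header in headers:
        name, value, attrs = parse_set_cookie(header)
        if not name.startswith(prefix):
            continue
        life = lifetime(attrs, received)
        report[name[len(prefix):]] = {
            "persistent": life is not None,
            "days": None if life is None else life.days,
            "equals_sessionid": value == sessionid,
        }
    return report

if __name__ == "__main__":
    for cookie, facts in audit_login(API_BODY, SET_COOKIE, PREFIX, RECEIVED).items():
        print(cookie, facts)
```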

Details

Reference
bz71638

Event Timeline

bzimport raised the priority of this task from to Low. (Nov 22 2014, 3:44 AM)
bzimport set Reference to bz71638.
bzimport added a subscriber: Unknown Object (MLST).

It's not like the client can reliably do anything useful with the returned session ID, since $wgSessionName isn't indicated and CentralAuth changes things too. It's probably better to just say that the needed cookies are returned in the HTTP response and leave details for https://www.mediawiki.org/wiki/API:Login.

gerritadmin wrote:

Change 162960 had a related patch set uploaded by Anomie:
API: Internationalize all remaining core API modules

https://gerrit.wikimedia.org/r/162960

gerritadmin wrote:

Change 162960 merged by jenkins-bot:
API: Internationalize all remaining core API modules

https://gerrit.wikimedia.org/r/162960