Thanks I’ll go in very soon and correct it take care be safe Michael
Get Outlook for iOS<https://aka.ms/o0ukef>
________________________________
From: Cloud <cloud-bounces(a)lists.wikimedia.org> on behalf of Brad Jorsch (Anomie)
<bjorsch(a)wikimedia.org>
Sent: Wednesday, April 8, 2020 12:31:34 PM
To: mediawiki-api-announce(a)lists.wikimedia.org
<mediawiki-api-announce(a)lists.wikimedia.org>
Subject: [Cloud] [Mediawiki-api-announce] Change to action=login response when login fails
due to session loss
Since April 2010,[1] when no lgtoken is passed to the Action API action=login it will
return a "NeedToken" response including the token to use. While this method of
fetching the login token was deprecated in January 2016,[2] it is still present for the
benefit of clients that have not yet been updated and is not (yet) being removed.
The NeedToken response was also being returned when an lgtoken was supplied but could not
be validated due to session loss. While this made sense back in 2010 when the NeedToken
response was the only way to fetch the login token, these days it is mainly confusing[3]
and a way for clients with broken cookie handling to wind up in a loop.
With the merge of Gerrit change 586448,[4] the API will no longer return NeedToken when
lgtoken was supplied. If the token cannot be validated due to session loss, a
"Failed" response will be returned with a message referring to session loss as
the problem.
This change should be deployed to Wikimedia sites with 1.35.0-wmf.28 or later, see
https://www.mediawiki.org/wiki/MediaWiki_1.35/Roadmap<https://eur03.safe…
for a schedule.
Note that the change HAS NOT been deployed to Wikimedia sites as of the time of this
email. If your client's ability to log in broke on 6 April 2020, the cause is most
likely an unrelated change to Wikimedia's infrastructure that caused some HTTP headers
to be output with HTTP/2 standard casing, i.e. "set-cookie" rather than the
traditional "Set-Cookie". See
https://phabricator.wikimedia.org/T249680<https://eur03.safelinks.protec…
for details and further discussion of that situation.
[1]:
https://www.mediawiki.org/wiki/Special:Code/MediaWiki/64677<https://eur0…
[2]:
https://lists.wikimedia.org/pipermail/mediawiki-api-announce/2016-January/0…
[3]:
https://phabricator.wikimedia.org/T249526<https://eur03.safelinks.protec…
[4]:
https://gerrit.wikimedia.org/r/c/mediawiki/core/+/586448<https://eur03.s…
--
Brad Jorsch (Anomie)
Senior Software Engineer
Wikimedia Foundation