On Thu, Apr 13, 2017 at 8:40 AM, Kai Sommer <sommer(a)leibniz-gei.de> wrote:
Making the 2nd request I have to send
"lgname", "lgpassword" and "lgtoken"
in the body and the cookie in the header. − But then I get the API warning:
"Fetching a token via action=login is deprecated. Use
action=query&meta=tokens&type=login instead."
The response includes the result ("NeedToken") and "token",
"cookieprefix", "sessionid".
If I use the body-parameters as URL-parameters I get the API warning:
"The following parameters were found in the query string, but must be in
the POST body: lgpassword, lgtoken".
That means you lost the session. The API thinks you are using the old
method of doing to action=login POSTs (the first to fetch a token).
You should probably use some cookie handling library. Set-Cookie and Cookie
have different syntax, and in general cookie handling is tricky to get
right.