You're correct the token is tied to the cookie value
How to do this is going to depend on how you are making HTTP requests.
If you are using PHP fopen, things are kind of complicated $listOfHeaders = stream_get_meta_data( $fileHandle )['wrapper_data'];
gets you a list of headers. From there you you have to figure out which one is the set-cookie header, and parse it.
Then when making the request, you have to add the cookie to the header list in $options['http']['header'] where $options is the array fed to stream_context_create().
If you are using the PHP curl extension:
You can get the various headers using the CURLOPT_HEADERFUNCTION callback option
You can set headers to send using the CURLOPT_HTTPHEADER option ------------------
There are examples for both curl and fopen in the includes/http directory of MediaWiki. There are many php frameworks out there that simplify all this, you may want to use one of those.
-- Brian
On Fri, Jul 14, 2017 at 4:13 PM, Daniel Barrett danb@vistaprint.com wrote:
I'm trying to log into a MediaWiki 1.28 site using the API and a standalone PHP script, but it keeps failing with the error "invalid token." I can successfully retrieve a login token:
$tokenRequest = array( 'action' => 'query', 'format' => 'json', 'meta' => 'tokens', 'type' => 'login', );
But when I issue my "action=clientlogin" request, I always get the error "code=badtoken, info = invalid token":
$loginRequest = array( 'action' => 'clientlogin', 'format' => 'json', 'logintoken' => $token, 'loginreturnurl' => 'https://example.com/', 'username' => $username, 'password' => $password, 'domain' => 'mydomain', 'rememberMe' => 1, );
I suspect the problem is that the two requests are not explicitly being made in the same session. That is, I'm not adding the header "Cookie: <session cookie>" to my second HTTP POST. How do I retrieve the session cookie after issuing my meta=tokens request so I can hand it to the client login request? In earlier versions of MediaWiki, I could get the cookie information from an API call, "action=login". This has been deprecated but I haven't seen any examples of the new way to do it, just generic instructions like "Clients should handle cookies to properly manage session state."
I'm not operating inside the MediaWiki codebase with its WebRequest, SessionManager, etc. classes -- this is a standalone script.
Thank you, DanB
Mediawiki-api mailing list Mediawiki-api@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-api