You're correct the token is tied to the cookie value
How to do this is going to depend on how you are making HTTP requests.
If you are using PHP fopen, things are kind of complicated
$listOfHeaders = stream_get_meta_data( $fileHandle )['wrapper_data'];
gets you a list of headers. From there you you have to figure out
which one is the set-cookie header, and parse it.
Then when making the request, you have to add the cookie to the header
list in $options['http']['header'] where $options is the array fed to
stream_context_create().
If you are using the PHP curl extension:
You can get the various headers using the CURLOPT_HEADERFUNCTION callback option
You can set headers to send using the CURLOPT_HTTPHEADER option
------------------
There are examples for both curl and fopen in the includes/http
directory of MediaWiki. There are many php frameworks out there that
simplify all this, you may want to use one of those.
--
Brian
On Fri, Jul 14, 2017 at 4:13 PM, Daniel Barrett <danb(a)vistaprint.com> wrote:
I'm trying to log into a MediaWiki 1.28 site using
the API and a standalone PHP script, but it keeps failing with the error "invalid
token." I can successfully retrieve a login token:
$tokenRequest = array(
'action' => 'query',
'format' => 'json',
'meta' => 'tokens',
'type' => 'login',
);
But when I issue my "action=clientlogin" request, I always get the error
"code=badtoken, info = invalid token":
$loginRequest = array(
'action' => 'clientlogin',
'format' => 'json',
'logintoken' => $token,
'loginreturnurl' => 'https://example.com/',
'username' => $username,
'password' => $password,
'domain' => 'mydomain',
'rememberMe' => 1,
);
I suspect the problem is that the two requests are not explicitly being made in the same
session. That is, I'm not adding the header "Cookie: <session cookie>"
to my second HTTP POST. How do I retrieve the session cookie after issuing my meta=tokens
request so I can hand it to the client login request? In earlier versions of MediaWiki, I
could get the cookie information from an API call, "action=login". This has been
deprecated but I haven't seen any examples of the new way to do it, just generic
instructions like "Clients should handle cookies to properly manage session
state."
I'm not operating inside the MediaWiki codebase with its WebRequest, SessionManager,
etc. classes -- this is a standalone script.
Thank you,
DanB
_______________________________________________
Mediawiki-api mailing list
Mediawiki-api(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api