These response values, deprecated in December 2015, will no longer be returned in the response to action=login. This change should be deployed to WMF wikis with 1.28.0-wmf.13, see https://www.mediawiki.org/wiki/MediaWiki_1.28/Roadmap for the schedule.

Note that the lgtoken *parameter* to action=login is not removed, nor is the 'token' response value included along with a NeedToken response.

This is expected to have a low client impact, since proper handling of the Set-Cookie headers (rather than manually building cookies using these response values) has been effectively required for some time now.


The original deprecation announcement is quoted below:

On Tue, Dec 15, 2015 at 11:11 AM, Brad Jorsch (Anomie) <bjorsch@wikimedia.org> wrote:
Long ago, the only mechanism for session management in MediaWiki was certain cookies set by the User class. When ApiLogin was written, in addition to setting these cookies as usual it also returned some of the values needed to construct these cookies on the client. Presumably this was to make things easier for clients that somehow couldn't handle the standard cookie headers.

Then CentralAuth came along. Now, constructing the cookies manually would log you in to the local wiki only, without taking advantage of the SUL mechanism.

Then T55032[1] happened, and clients that were using the manual-construction mechanism had to update their code because one of the cookie names changed and that wasn't part of the data being returned.

And soon, we'll have SessionManager and AuthManager, which will make it possible for login to easily happen in ways that don't involve cookies at all.

So it's time to eliminate the pretense that clients can manually construct the cookies instead of handing the standard HTTP cookie headers. Tentative plan is to deprecate them now and then remove them sometime during 1.28; if anyone objects to this schedule, please raise your concerns in https://phabricator.wikimedia.org/T121527.


 [1]: https://phabricator.wikimedia.org/T55032

--
Brad Jorsch (Anomie)
Senior Software Engineer
Wikimedia Foundation



--
Brad Jorsch (Anomie)
Senior Software Engineer
Wikimedia Foundation