I'm trying to log into a MediaWiki 1.28 site using the API and a standalone PHP
script, but it keeps failing with the error "invalid token." I can successfully
retrieve a login token:
$tokenRequest = array(
'action' => 'query',
'format' => 'json',
'meta' => 'tokens',
'type' => 'login',
);
But when I issue my "action=clientlogin" request, I always get the error
"code=badtoken, info = invalid token":
$loginRequest = array(
'action' => 'clientlogin',
'format' => 'json',
'logintoken' => $token,
'loginreturnurl' => 'https://example.com/',
'username' => $username,
'password' => $password,
'domain' => 'mydomain',
'rememberMe' => 1,
);
I suspect the problem is that the two requests are not explicitly being made in the same
session. That is, I'm not adding the header "Cookie: <session cookie>"
to my second HTTP POST. How do I retrieve the session cookie after issuing my meta=tokens
request so I can hand it to the client login request? In earlier versions of MediaWiki, I
could get the cookie information from an API call, "action=login". This has been
deprecated but I haven't seen any examples of the new way to do it, just generic
instructions like "Clients should handle cookies to properly manage session
state."
I'm not operating inside the MediaWiki codebase with its WebRequest, SessionManager,
etc. classes -- this is a standalone script.
Thank you,
DanB