(also posted on Mediawiki.org on API talk:Login [1])
Hi,
My application, WPCleaner [2] works fine on Wikimedia wikis (Wikipedia, Wiktionary, ...), but my attempts to make it work on Waze wiki [3] have failed for now. I don't understand why login doesn't work on Waze wiki. Would someone have an idea about this problem ?
The first call to the login method for waze wiki returns a "NeedToken" answer as usual, with a session id in the answer and a wikidb_session cookie. When I call the login method a second time, with wikidb_session cookie set and the token, the answer from waze wiki is again a "NeedToken" with a different session id and wiki_session cookie.
Apart from this, the only difference that I noticed is the cookie name: enwikiSession for enwiki, wikidb_session for waze (no uppercase letter and an underscore).
Here's what my logs are saying when calling enwiki login:
POST https://en.wikipedia.org/w/api.php?action=login&lgname=NicoVTest&for... Request header:Accept-Encoding: gzip Request header:User-Agent: WPCleaner (+ http://en.wikipedia.org/wiki/User:NicoV/Wikipedia_Cleaner/Documentation) Request header:Host: en.wikipedia.org Request header:Content-Length: 60 Request header:Content-Type: application/x-www-form-urlencoded
Response header:Server: nginx/1.1.19 Response header:Date: Fri, 11 Jul 2014 21:58:05 GMT Response header:Content-Type: text/xml; charset=utf-8 Response header:Content-Length: 159 Response header:Connection: keep-alive Response header:X-Content-Type-Options: nosniff Response header:Cache-control: private Response header:Set-Cookie: enwikiSession=XXXXXX; path=/; secure; HttpOnly Response header:X-Frame-Options: SAMEORIGIN Response header:Content-Encoding: gzip Response header:Vary: Accept-Encoding Response header:X-Varnish: 2249630267, 3978847279, 3259701709 Response header:Via: 1.1 varnish, 1.1 varnish, 1.1 varnish Response header:Accept-Ranges: bytes Response header:Age: 0 Response header:X-Cache: cp1068 miss (0), amssq53 miss (0), amssq43 frontend miss (0) Response header:Set-Cookie: GeoIP=XXXXXX; Path=/; Domain=.wikipedia.org
POST https://en.wikipedia.org/w/api.php?action=login&lgname=NicoVTest&for... Request header:Accept-Encoding: gzip Request header:User-Agent: WPCleaner (+ http://en.wikipedia.org/wiki/User:NicoV/Wikipedia_Cleaner/Documentation) Request header:Host: en.wikipedia.org Request header:Cookie: $Version=0; enwikiSession=XXXXXX; $Path=/ Request header:Cookie: $Version=0; GeoIP=FR:Clamart:48.8000:2.2667:v4; $Path=/; $Domain=.wikipedia.org Request header:Cookie2: $Version="1" Request header:Content-Length: 101 Request header:Content-Type: application/x-www-form-urlencoded
Responses headers...
And the logs when calling waze wiki login:
POST https://wiki.waze.com/wiki/api.php?action=login&lgname=NicoVTest&for... Request header:Accept-Encoding: gzip Request header:User-Agent: WPCleaner (+ http://en.wikipedia.org/wiki/User:NicoV/Wikipedia_Cleaner/Documentation) Request header:Host: wiki.waze.com Request header:Content-Length: 62 Request header:Content-Type: application/x-www-form-urlencoded
Response header:Cache-Control: private Response header:Cache-control: no-cache="set-cookie" Response header:Content-Encoding: gzip Response header:Content-Type: text/xml; charset=utf-8 Response header:Date: Fri, 11 Jul 2014 22:00:55 GMT Response header:Server: nginx/1.1.19 Response header:Set-Cookie: wikidb_session=XXXXXX; path=/; secure; HttpOnly Response header:Set-Cookie: AWSELB=191167A308A57C43B5D163A49A25B6EA216AC961ACDACCD786A7F86CF60CB7DDA816851FC0DC6FA0FA203C21DE3B646E62AAF326EE53AE742952C05529425567AFC89D9424;PATH=/ Response header:Vary: Accept-Encoding Response header:X-Content-Type-Options: nosniff Response header:X-Frame-Options: DENY Response header:Content-Length: 166 Response header:Connection: keep-alive
POST https://wiki.waze.com/wiki/api.php?action=login&lgname=NicoVTest&for... Request header:Accept-Encoding: gzip Request header:User-Agent: WPCleaner (+ http://en.wikipedia.org/wiki/User:NicoV/Wikipedia_Cleaner/Documentation) Request header:Host: wiki.waze.com Request header:Cookie: $Version=0; wikidb_session=XXXXXX; $Path=/ Request header:Cookie: $Version=0; AWSELB=191167A308A57C43B5D163A49A25B6EA216AC961ACDACCD786A7F86CF60CB7DDA816851FC0DC6FA0FA203C21DE3B646E62AAF326EE53AE742952C05529425567AFC89D9424; $Path=/ Request header:Cookie2: $Version="1" Request header:Content-Length: 103 Request header:Content-Type: application/x-www-form-urlencoded
Responses headers...
Any idea on what's going on?
Thanks in advance
Nico
[1] https://en.wikipedia.org/wiki/Wikipedia:WPCleaner [2] https://www.mediawiki.org/wiki/API_talk:Login [3] https://wiki.waze.com/
The headers you provided appear correct. Are you able to log into Waze wiki using another framework? If so, it might be useful to compare the headers between the successful client and yours to identify what the difference might be. Perhaps Waze's infrastructure is somehow screwing up on the obsolete RFC 2965 cookie headers, for example.
The different style of cookie name is nothing to worry about, it's just a matter of different settings for $wgSessionName.
Thanks for the answer,
I tried using a client in bash (modified from [1] to exit after getting the edit token), and it seems to work : I do get an edit token after logging in.
I then modified the bash example to have more information on what is sent/received (--trace, ...), and I noticed than curl is sending back the cookies in a single header (instead of one header for each cookie as Apache HttpClient is doing by default). So, I changed my own code to force grouping cookies in a single header (by setting http.protocol.single-cookie-header to TRUE), and it seems to work now.
Thanks a lot ! Nico
[1] https://www.mediawiki.org/wiki/API:Client_code/Bash
On Mon, Jul 14, 2014 at 3:59 PM, Brad Jorsch (Anomie) <bjorsch@wikimedia.org
wrote:
The headers you provided appear correct. Are you able to log into Waze wiki using another framework? If so, it might be useful to compare the headers between the successful client and yours to identify what the difference might be. Perhaps Waze's infrastructure is somehow screwing up on the obsolete RFC 2965 cookie headers, for example.
The different style of cookie name is nothing to worry about, it's just a matter of different settings for $wgSessionName.
Mediawiki-api mailing list Mediawiki-api@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
mediawiki-api@lists.wikimedia.org