
edit-module doesn't work with centralauth-cookie
Open, Medium, Public, Feature

Description

The query module (e.g. userinfo) is working regardless of whether I use centralauth_User/Token/Session or dewikiUsername/Token/Session as cookie. Changing a page's content using the API edit module only works with the local cookie. Sending only the three centralauth cookies on an edit request returns a "badtoken" error.

Because the local cookie names and values change on each wiki, it would be nice not to re-login on every wiki.


Version: 1.15.x
Severity: enhancement

Details

Reference
bz17335

Event Timeline

bzimport raised the priority of this task from to Medium. Nov 21 2014, 10:25 PM
bzimport set Reference to bz17335.
bzimport added a subscriber: Unknown Object (MLST).

(In reply to comment #0)

The query module (e.g. userinfo) is working regardless of whether I use
centralauth_User/Token/Session or dewikiUsername/Token/Session as cookie.
Changing a page's content using the API edit module only works with the local
cookie. Sending only the three centralauth cookies on an edit request returns a
"badtoken" error.

Because the local cookie names and values change on each wiki, it would be nice
not to re-login on every wiki.

This is gonna be non-trivial to reproduce for me, so can you make sure that you used the same cookies for the token request and the edit request? The token depends on your cookie, so you can't get a token with a deWiki cookie and use it with a centralauth cookie (that's more or less the point of tokens).

Please try using one set of tokens (only the deWiki ones or only the centralauth ones) for both the token retrieval and the edit request, and see if the issue persists.
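The cookie-to-token binding this reply describes, as an added Python model that is neither code from the thread nor MediaWiki's implementation: the HMAC construction, the server secret and the session values are assumptions made for the model; the "+\" anonymous token is the one discussed later in the thread. The point it shows is why a token fetched under one set of cookies is rejected when the edit is submitted under another.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample secret for the model (not a real MediaWiki secret).
SERVER_SECRET = b"constructed-toy-server-secret"
# The token a logged-out client receives; MediaWiki uses exactly this string.
ANON_TOKEN = "+\\"


def issue_edit_token(session_id: Optional[str]) -> str:
    """Token the server hands out for prop=info&intoken=edit.

    Assumption of the model: the token is an HMAC over the session the
    request was made with, followed by the "+\\" suffix. A request that
    carries no session cookie gets the bare anonymous token.
    """
    if session_id is None:
        return ANON_TOKEN
    mac = hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()
    return mac + ANON_TOKEN


def check_edit_token(token: str, session_id: Optional[str]) -> bool:
    """Server-side check on action=edit: recompute the token for the session
    the edit request carries and compare in constant time."""
    return hmac.compare_digest(token, issue_edit_token(session_id))


def edit_outcome(token_session: Optional[str], edit_session: Optional[str]) -> str:
    """Fetch a token under one session, submit the edit under another,
    and report what the API would answer."""
    token = issue_edit_token(token_session)
    return "success" if check_edit_token(token, edit_session) else "badtoken"


if __name__ == "__main__":
    # Constructed session values standing in for the cookie contents.
    print(edit_outcome("dewiki_session=abc", "dewiki_session=abc"))        # success
    print(edit_outcome("dewiki_session=abc", "centralauth_Session=xyz"))   # badtoken
    print(edit_outcome(None, None))            # success, but as a logged-out edit
    print(check_edit_token(ANON_TOKEN, "dewiki_session=abc"))  # False
```

The last two lines mirror the observation further down the thread: "+\" alone is accepted only when no session cookie is sent, which is an anonymous edit, and it fails as soon as a logged-in session is present.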

My code

a) in local-cookie mode, reads the cookie data from the XML returned by the login module:

user="/api/login/@lguserid"; token="/api/login/@lgtoken"; session="/api/login/@sessionid";

Then on every following request I do (this test case is for dewiki, because I don't read the cookie prefix):
addHeader("Cookie" ,"dewikiUsername="+user+"; dewikiToken="+token+"; dewiki_session="+session);

b) in global-cookie mode, reads the cookie data from the Set-Cookie header returned by the login module:

Header h = getHeader("Set-Cookie");
// cookie names as set by CentralAuth
user=h.getParameter("centralauth_User"); token=h.getParameter("centralauth_Token"); session=h.getParameter("centralauth_Session");

Then on every following request I do:
// the Token cookie carries the token value, the Session cookie the session value
addHeader("Cookie" ,"centralauth_User="+user+"; centralauth_Session="+session+"; centralauth_Token="+token);

Only the three cookies mentioned before are sent on every request (no dewiki_session in global mode, although it is returned as a Set-Cookie header).
Both versions are working correctly, e.g. when requesting userinfo.

No other code has been changed between these two test cases. The edit token is requested with "action=query&prop=info&intoken=edit&titles=Pagename" and works with the edit request in mode a). But in mode b) a badtoken error is returned. All data (login, edit token, edit) is sent via an HTTP POST request.

(In reply to comment #2)

No other code has been changed between these two test cases. The edit token is
requested with "action=query&prop=info&intoken=edit&titles=Pagename" and works
with the edit request in mode a). But in mode b) a badtoken error is
returned. All data (login, edit token, edit) is sent via an HTTP POST request.

Can you check whether your edit token just happens to be +\ (without any hash in front of it)?

Using only "+\" as token returns a bad token error.
Sending no cookie and using "+\" returns success.
The token is exactly the same in both modes.

mike.lifeguard+bugs wrote:

(In reply to comment #4)

Sending no cookie and using "+\" returns success.

This must result in a logged-out edit, since "+\" is the token for anonymous users.

I have written a Python script to access the API as well and had the same problems. It can be resolved by accepting the locally set cookies on all requests (this can be done using a single HTTP request function and a cookie store variable per wiki), which in my opinion is mandatory, because there is a reason why those exist.
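One way to build the per-wiki cookie store this comment suggests, as an added Python example that is not the commenter's script: a single store keeps one jar per wiki, records every Set-Cookie header a wiki's responses carry, and produces the Cookie header for the next request to that wiki, so local cookies such as dewiki_session travel back together with the centralauth_* cookies without the caller knowing the prefix. The wiki names, cookie values and Set-Cookie lines are constructed samples (the dewiki cookie names follow the ones quoted earlier in the thread; the enwiki ones are assumed by analogy).

```python
from http.cookies import SimpleCookie
from typing import Dict, Iterable, Set


class PerWikiCookieStore:
    """One cookie jar per wiki: whatever a wiki sets is sent back to that wiki."""

    def __init__(self) -> None:
        self._jars: Dict[str, Dict[str, str]] = {}

    def absorb(self, wiki: str, set_cookie_headers: Iterable[str]) -> None:
        """Record every Set-Cookie header from a response of `wiki`."""
        jar = self._jars.setdefault(wiki, {})
        for header in set_cookie_headers:
            parsed = SimpleCookie()
            parsed.load(header)  # name=value plus attributes (Path, Domain, HttpOnly, ...)
            for name, morsel in parsed.items():
                if morsel["max-age"] == "0":
                    jar.pop(name, None)  # PHP-based servers clear a cookie with Max-Age=0
                else:
                    jar[name] = morsel.value

    def cookie_header(self, wiki: str) -> str:
        """Value of the Cookie request header for the next request to `wiki`."""
        jar = self._jars.get(wiki, {})
        return "; ".join(f"{name}={value}" for name, value in sorted(jar.items()))

    def names(self, wiki: str) -> Set[str]:
        return set(self._jars.get(wiki, {}))


# Constructed stand-ins for the Set-Cookie headers a login response would carry.
DEWIKI_LOGIN_SET_COOKIES = [
    "dewikiUsername=Example; Path=/; HttpOnly",
    "dewikiToken=localtoken111; Path=/; HttpOnly",
    "dewiki_session=localsess222; Path=/; HttpOnly",
    "centralauth_User=Example; Domain=.example.org; Path=/; HttpOnly",
    "centralauth_Token=catoken333; Domain=.example.org; Path=/; HttpOnly",
    "centralauth_Session=casess444; Domain=.example.org; Path=/; HttpOnly",
]
# Assumed second wiki: CentralAuth cookies are the same, local ones differ.
ENWIKI_SET_COOKIES = [
    "enwikiUsername=Example; Path=/; HttpOnly",
    "enwiki_session=localsess555; Path=/; HttpOnly",
    "centralauth_User=Example; Domain=.example.org; Path=/; HttpOnly",
    "centralauth_Token=catoken333; Domain=.example.org; Path=/; HttpOnly",
    "centralauth_Session=casess444; Domain=.example.org; Path=/; HttpOnly",
]


def build_store() -> PerWikiCookieStore:
    """Simulate a login on dewiki followed by a visit to enwiki."""
    store = PerWikiCookieStore()
    store.absorb("dewiki", DEWIKI_LOGIN_SET_COOKIES)
    store.absorb("enwiki", ENWIKI_SET_COOKIES)
    return store


if __name__ == "__main__":
    store = build_store()
    print("Cookie (dewiki):", store.cookie_header("dewiki"))
    print("Cookie (enwiki):", store.cookie_header("enwiki"))
    # A logout response clears the local session; the jar drops it.
    store.absorb("dewiki", ["dewiki_session=deleted; Max-Age=0; Path=/"])
    print("after logout:", sorted(store.names("dewiki")))
```

In a real client the same request function would call `store.cookie_header(wiki)` before sending and `store.absorb(wiki, response_set_cookie_headers)` after receiving, so the token request and the edit request to a given wiki always carry the same cookies.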

Bryan.TongMinh wrote:

Well, no. The whole point of CA is that you only need to login once.

Aklapper changed the subtype of this task from "Task" to "Feature Request". Feb 4 2022, 12:24 PM
Aklapper removed a subscriber: wikibugs-l-list.