the lgtoken attribute (which is need to create a valid cookie for future requests) is invalid after successful login.
request (POST):
action=login&lgpassword=xxx&lgname=MerlIwBot
response:
<api><login result="NeedToken"
token="087cb80705ed9564d18c3309fae1ec"
cookieprefix=wikidatawiki
sessionid="9b4c867c526e06f0e55ee395287ff0"
/></api>
request (POST):
action=login&lgtoken=087cb80705ed9564d18c3309fae1ec&lgpassword=xxx&lgname=MerlIwBot
response:
<api><login result="Success"
lguserid="3280"
lgusername="MerlIwBot"
lgtoken="��������������������������������"
cookieprefix=wikidatawiki
sessionid="9b4c867c526e06af0e55ee39f287ff0"
/></api>
password, sessionid and first token is a bit modified for this paste of course. The problem is that the lgtoken is invalid because it only contains character hex:EF BF BD (which is "object replacement character" according to unicode table)
Login on all other wmf wikis and wikidata-test-repo.wikimedia.de work for me.
Version: unspecified
Severity: normal