November 23rd, 2009

net zombie!
  • fub

sessiongenerate weirdness

I'm currently working on integrating Scrapbook in my LJ client. When downloading pictures, I got a 403 Forbidden error when downloading pictures that were under a friends-lock. That's (of course) exactly as it should be.
So my strategy is to get an LJ session cookie (through the sessiongenerate interface call) and send that along with my request for the pictures. However, I can't get it to work with the cookie I get back from the sessiongenerate call. To check, I extracted my ljsession cookie from Firefox and pasted that into my code -- and then it worked. So it's not my code that is broken. Tt seems as if the return value from sessiongenerate is invalid...

I inspected the two cookies a bit further, and saw an interesting difference. The one from sessiongenerate has the following structure:
v1:u[some number]:s[some number]:[11 alphanumeric characters]//Thanks+for+signing+in+/+LiveJournal+loves+you+a+lot+/+Here+have+a+cookie
The one that I picked from Firefox (that does work) is like this:
v1:u[some number]:s[some number]:[11 alphanumeric characters]:[41 alphanumeric characters]//Thanks+for+signing+in+/+LiveJournal+loves+you+a+lot+/+Here+have+a+cookie

The ones I get back from sessiongenerate are consistent in their structure, and they miss the second string of alphanumeric characters that my working cookie does have. What is going on? Is this a bug, or am I doing something wrong?