sessiongenerate

sessiongenerate — Generates a session that can be used to setup a cookie for accessing the site with a user's privileges.

Mode Description

Generates a session that can be used to setup a cookie for accessing the site with a user's privileges.

Arguments

mode

The protocol request mode: sessiongenerate

user

Username. Leading and trailing whitespace is ignored, as is case.

auth_method

The authentication method used for this request. Default is 'clear', for plain-text authentication. 'cookie' or any of the challenge-response methods are also acceptable.

password

Deprecated. Password in plain-text. For the default authentication method, either this needs to be sent, or hpassword.

hpassword

Deprecated. Alternative to plain-text password. Password as an MD5 hex digest. Not perfectly secure, but defeats the most simple of network sniffers.

auth_challenge

If using challenge-response authentication, this should be the challenge that was generated for your client.

auth_response

If using challenge-response authentication, this should be the response hash you generate based on the challenge's formula.

ver

(Optional) Protocol version supported by the client; assumed to be 0 if not specified. See Chapter 27, Protocol Versions for details on the protocol version.

expiration

(Optional) Sessions can either expire in a short amount of time or last for a long period of time. You can specify either "short" or "long" as the value of this parameter. Short is 24 hours, long is 30 days.

ipfixed

(Optional) If specified and true, this will cause the server to generate a session that is only valid from the IP address the sessiongenerate request was sent from. If you leave out this value, it will default to allowing any IP address to use this session information.

Return Values

success

OK on success or FAIL when there's an error. When there's an error, see errmsg for the error text. The absence of this variable should also be considered an error.

errmsg

The error message if success was FAIL, not present if OK. If the success variable is not present, this variable most likely will not be either (in the case of a server error), and clients should just report "Server Error, try again later.".

ljsession

This part of the response contains the actual session data. If you use the complete contents of this element as a cookie named "ljsession" then you will be able to access the site using the privileges of the user you authenticated as.