Last modified: 2010-06-24 19:45:23 UTC
The API NeedsToken response to login actions should provide a sessionid attribute in the same was that the Success response does.
case LoginForm::NEED_TOKEN: global $wgCookiePrefix; $result['result'] = 'NeedToken'; $result['token'] = $loginForm->getLoginToken(); $result['cookieprefix'] = $wgCookiePrefix; $result['sessionid'] = session_id(); break; It does in trunk, but doesn't in 1.16 http://svn.wikimedia.org/viewvc/mediawiki/branches/wmf/1.16wmf4/includes/api/ApiLogin.php?view=markup http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/api/ApiLogin.php?view=markup
We should backport that; it breaks clients that do not support extracting cookies from response headers I think.
It's in 1.16, probably needs putting into 1.15 It's in wmf3, but not wmf4 :/
Sorry, I did not check trunk - just the documentation and 1.16. I have added it to [[API:Login]], if this is backported it will need updating though.