sessiongenerate — Generates a session that can be used to setup a cookie for accessing the site with a user's privileges.
Generates a session that can be used to setup a cookie for accessing the site with a user's privileges.
mode
The protocol request mode: sessiongenerate
userUsername. Leading and trailing whitespace is ignored, as is case.
auth_methodThe authentication method used for this request. Default is 'clear', for plain-text authentication. 'cookie' or any of the challenge-response methods are also acceptable.
password
Deprecated. Password in plain-text. For the default authentication method, either this needs to be sent, or hpassword.
hpassword
Deprecated. Alternative to plain-text password. Password as an MD5 hex digest. Not perfectly secure, but defeats the most simple of network sniffers.
auth_challengeIf using challenge-response authentication, this should be the challenge that was generated for your client.
auth_responseIf using challenge-response authentication, this should be the response hash you generate based on the challenge's formula.
ver(Optional) Protocol version supported by the client; assumed to be 0 if not specified. See Chapter 27, Protocol Versions for details on the protocol version.
expiration(Optional) Sessions can either expire in a short amount of time or last for a long period of time. You can specify either "short" or "long" as the value of this parameter. Short is 24 hours, long is 30 days.
ipfixed(Optional) If specified and true, this will cause the server to generate a session that is only valid from the IP address the sessiongenerate request was sent from. If you leave out this value, it will default to allowing any IP address to use this session information.
success
OK on success or FAIL when there's an error. When there's an error, see errmsg for the error text. The absence of this variable should also be considered an error.
errmsg
The error message if success was FAIL, not present if OK. If the success variable is not present, this variable most likely will not be either (in the case of a server error), and clients should just report "Server Error, try again later.".
ljsessionThis part of the response contains the actual session data. If you use the complete contents of this element as a cookie named "ljsession" then you will be able to access the site using the privileges of the user you authenticated as.