sessiongenerate — Generates a session that can be used to setup a cookie for accessing the site with a user's privileges.
Generates a session that can be used to setup a cookie for accessing the site with a user's privileges.
The protocol request mode: sessiongenerate
Username. Leading and trailing whitespace is ignored, as is case.
The authentication method used for this request. Default is 'clear', for plain-text authentication. 'cookie' or any of the challenge / response methods are also acceptable.
DEPRECATED. Password in plain-text. For the default authentication method, either this needs to be sent, or hpassword.
DEPRECATED. Alternative to plain-text password. Password as an MD5 hex digest. Not perfectly secure, but defeats the most simple of network sniffers.
If using challenge / response authentication, this should be the challenge that was generated for your client.
If using challenge / response authentication, this should be the response hash you generate based on the challenge's formula.
(Optional) Protocol version supported by the client; assumed to be 0 if not specified. See Chapter 11: Protocol Versions for details on the protocol version.
(Optional) Sessions can either expire in a short amount of time or last for a long period of time. You can specify either "short" or "long" as the value of this parameter.
(Optional) If specified and true, this will cause the server to generate a session that is only valid from the IP address the sessiongenerate request was sent from. If you leave out this value, it will default to allowing any IP address to use this session information.
OK on success or FAIL when there's an error. When there's an error, see errmsg for the error text. The absence of this variable should also be considered an error.
The error message if success was FAIL, not present if OK. If the success variable isn't present, this variable most likely won't be either (in the case of a server error), and clients should just report "Server Error, try again later.".
This part of the response contains the actual session data. If you use the complete contents of this element as a cookie named "ljsession" then you will be able to access the site using the privileges of the user you authenticated as.