?

Log in

entries friends calendar profile Previous Previous Next Next
Phooey - Qualified Perceptions
firstfrost
firstfrost
Phooey
The new username.livejournal.com paradigm has broken my little "what comment numbers have changed since I last looked" script and I can't figure out how to fix it. :( I think it has to do with the web server being sneakier now and normal web browsers happily falling for the trick and my little perl script not being bright enough to do. And cookies. Cookies are different somehow. But darned if I actually understand cookies at all.

Current Mood: disappointed disappointed

5 comments or Leave a comment
Comments
mijven From: mijven Date: January 26th, 2006 01:47 pm (UTC) (Link)

phooey, indeed!


Those pesky tricksters!
navrins From: navrins Date: January 26th, 2006 02:28 pm (UTC) (Link)
It breaks my habit of being able to look at a specific person's LJ by highlighting off the end of whatever URL is in my browser and typing the name of the person I want.

As for cookies... I suspect if I direct you to this slide from the class I just TA'd, and the ones following it, you'll be able to figure out what you need to know, despite the general suckiness of that lecture's slides.
chenoameg From: chenoameg Date: January 26th, 2006 03:38 pm (UTC) (Link)
Ooh, when you get that script working again I want it.
eichin From: eichin Date: January 28th, 2006 07:40 am (UTC) (Link)
assuming bin/friendtracker is the script you're talking about... I don't think your problem is cookies. If you go to login.bml and "view source", you should see two things: (1) a bunch of %lt;input type='hidden'> fields -- you need to include those in your form post; (2) some javascript to md5sum the challenge and password together and send that instead - and *not* send your real password in the clear, even without https. Presumably the second part is optional (because they support browsers without javascript, I assume) but it's easy enough to do in perl that it might be worth doing anyway. The big thing is that you have to GET the login page first, parse the hidden challenge out of it, and post that back...


I spent 20 minutes playing with this in python (mostly because it had some similarity to a blogs.mit.edu comment-killer I wrote last week, and because it sounded like an interesting approach -- though I think I really want an rss feed of the comments, that's a lot more work), see /mit/eichin/ljcomments.py -- if the above explanation wasn't enough, hopefully I've commented it well enough to give you some more hints. Unfortunately, the cookie handling needs python 2.4, and I only see 2.3 on the dialups...

firstfrost From: firstfrost Date: January 28th, 2006 07:53 am (UTC) (Link)
oooh! cool. :)
("Learn how to use md5 stuff" has been on my list of things to do for a while, but I've been slow to actually do it).

I realize I jumped to the conclusion that it was all about cookies because the announcement of the change was something like "We changed how this works, to fix a cookies security problem". I'm happy that it's something closer to things I understand.
5 comments or Leave a comment