Jerry Krinock
2007-09-06 00:57:56 UTC
Hi,
For an experiment, I've set up two del.icio.us accounts. Here's what
I see in Mac OS X:
1. Log in to del.icio.us with Safari with myAccount1.
2. Log in to del.icio.us with Safari with myAccount2.
2. Quit Safari.
3. Delete all the del.icio.us cookies from shared
NSHTTPCookieStorage.
4. Wait 10 seconds or more.
5. Re-launch Safari
6. Browse to http://del.icio.us/myAccount1.
Result: myAccount1 bookmarks appear. No authentication
required.
7. Browse to http://del.icio.us/myAccount2.
Result: myAccount2 bookmarks appear. No authentication
required.
I believe that the Apple URL Loading System is overly magical in the
way it handles authentications, but with other domains, this requires
secure cookies. If someone could give me the del.icio.us perspective
on how the above magic might be happening without cookies, I'd really
appreciate it.
My problem is that the API methods do not pass a username value.
Therefore, if a user has active "persistent" logins like this with
more than one account, API messages always connect to the first-
logged-in account. I need a way for the API to connect to a
particular account which I specify.
Thanks very much,
Jerry Krinock
For an experiment, I've set up two del.icio.us accounts. Here's what
I see in Mac OS X:
1. Log in to del.icio.us with Safari with myAccount1.
2. Log in to del.icio.us with Safari with myAccount2.
2. Quit Safari.
3. Delete all the del.icio.us cookies from shared
NSHTTPCookieStorage.
4. Wait 10 seconds or more.
5. Re-launch Safari
6. Browse to http://del.icio.us/myAccount1.
Result: myAccount1 bookmarks appear. No authentication
required.
7. Browse to http://del.icio.us/myAccount2.
Result: myAccount2 bookmarks appear. No authentication
required.
I believe that the Apple URL Loading System is overly magical in the
way it handles authentications, but with other domains, this requires
secure cookies. If someone could give me the del.icio.us perspective
on how the above magic might be happening without cookies, I'd really
appreciate it.
My problem is that the API methods do not pass a username value.
Therefore, if a user has active "persistent" logins like this with
more than one account, API messages always connect to the first-
logged-in account. I need a way for the API to connect to a
particular account which I specify.
Thanks very much,
Jerry Krinock