What is the purpose of login.withHash?

diligentdiligent Registered Users Posts: 3 Beginner grinner
I'm just starting out on the API so be patient!

I'm trying to figure out why login.withHash exists. It seems that in order to get the hash you have to first call login.withPassword. Once login.withPassword is called you already have a session id.

So why call login.withHash? Is it so that the client application can store the user's password in a one-way hash without storing the user's plain text password? For example, the application would call withPassword for the first time connection. The user would click "remember me". Then the application would store the hash code and allow logging in at a later time without the user having to retype their password.

Is this the scenario it is intended for?

Thanks,

--
Peter Stephens
http://smugpowertools.codeplex.com

Comments

  • devbobodevbobo Registered Users, Retired Mod Posts: 4,339 SmugMug Employee
    edited July 16, 2009
    yes, that's the intended operation :D

    Sessions expire after 6 hours of no activity.

    Cheers,

    David
    David Parry
    SmugMug API Developer
    My Photos
Sign In or Register to comment.