1.2.2 JSON smugmug.logout Not Working?

xmuggyxmuggy Registered Users Posts: 3 Beginner grinner
edited February 5, 2011 in SmugMug API Support & Integrations
I'm having trouble getting smugmug.logout to work using JSON with the API version 1.2.2. Anyone know what I'm doing wrong?

The URL I'm using looks like this
https://secure.smugmug.com/services/api/json/1.2.2/?method=smugmug.logout&APIKey=<MY_API_KEY_HERE>&SessionID=<SESSION_ID_HERE>&

where MY_API_KEY_HERE and SESSION_ID_HERE are filled in correctly.

I always get back a failed response:
{ "stat": "fail", "method": "smugmug.logout", "code": 3, "message": "invalid session" }

I'm using similar code to login and can also successfully use the users.getInfo method, but can't seem to figure this out.

I tried re-using the session ID after the failed logout and it is still usable meaning the logout is really failing.

Any tips appreciated.

Thanks!

Comments

  • jfriendjfriend Registered Users Posts: 8,097 Major grins
    edited February 2, 2011
    If you login anonymously, then logout fails. Apparently, they don't want you to logout. Seems odd to me, but that's the way it works. I just removed the logout from my code.
    --John
    HomepagePopular
    JFriend's javascript customizationsSecrets for getting fast answers on Dgrin
     Always include a link to your site when posting a question
  • xmuggyxmuggy Registered Users Posts: 3 Beginner grinner
    edited February 3, 2011
    jfriend wrote: »
    If you login anonymously, then logout fails. Apparently, they don't want you to logout. Seems odd to me, but that's the way it works. I just removed the logout from my code.

    Thanks, jfriend.

    I am actually logging in with a valid email address and password, and getting a successful login response. Given what you said, I think the problem is that this email/password login is treated as an anonymous login for some reason. I'm convinced of this because the smugmug.albums.get returns no albums after I've logged in successfully and use the session ID.

    However, if I change the login to be a smugmug.login.withHash login, I can logout successfully and also call smugmug.albums.get successfully and get a full album listing.

    Logout and albums.get calls always fail when I login using email/password. If I replace just the session ID in my URLs with a session ID received from smugmug.login.withHash, logout and albums.get work fine.

    So, from what I can tell, login.withPassword is treating my logins as anonymous despite returning a full successful response

    I'm not ruling out that I'm doing something wrong, but I can't seem to find the bug on my end.
  • xmuggyxmuggy Registered Users Posts: 3 Beginner grinner
    edited February 5, 2011
    xmuggy wrote: »
    I am actually logging in with a valid email address and password, and getting a successful login response. Given what you said, I think the problem is that this email/password login is treated as an anonymous login for some reason. I'm convinced of this because the smugmug.albums.get returns no albums after I've logged in successfully and use the session ID.

    Problem solved. On the API Update thread on this forum, I found mention of an (undocumented) _su cookie. I changed my code to send back the _su cookie and the methods are working now.

    See http://www.dgrin.com/showpost.php?p=1504996&postcount=24 .

    I don't see how the _su cookie helps security-wise, but that's another topic.
Sign In or Register to comment.