- Addendum, added long after the fact
- The API still appears to issue _twitter_sess, but that cookie apparently no longer grants access to the web UI (in other words, the spectacular part of this has been fixed)
- When an OAuth consumer accesses the Twitter API, it appears to be issued the same kind of session cookie as a browser login
GET https://twitter.com/account/verify_credentials.xml
Authorization: OAuth realm="", oauth_consumer_key="***", oauth_nonce="***", oauth_signature="***", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1253358338", oauth_token="***", oauth_version="1.0"
User-Agent: OAuth::Lite::Consumer/1.14
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Connection: close
Date: Sat, 19 Sep 2009 11:05:40 GMT
Pragma: no-cache
ETag: "5572a6f39b4d5cb3d7b642b00ab78ed4"
Server: hi
Vary: Accept-Encoding
Content-Length: 2157
Content-Type: application/xml; charset=utf-8
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Last-Modified: Sat, 19 Sep 2009 11:05:40 GMT
Client-Date: Sat, 19 Sep 2009 11:05:38 GMT
Client-Peer: 168.143.162.68:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
Client-SSL-Cert-Subject: /C=US/O=twitter.com/OU=GT09721236/OU=See www.rapidssl.com/resources/cps (c)09/OU=Domain Control Validated - RapidSSL(R)/CN=twitter.com
Client-SSL-Cipher: DHE-RSA-AES256-SHA
Client-SSL-Warning: Peer certificate not verified
Set-Cookie: lang=en; path=/
Set-Cookie: lang=en; path=/
Set-Cookie: _twitter_sess=***; domain=.twitter.com; path=/
Status: 200 OK
X-Revision: 0de0e8b99ab6b1ad7221bc90780a8bd39080a419
X-Transaction: 1253358340-38519-20933
6194782
...
https://twitter.com/sessions
POST /sessions HTTP/1.1
Host: twitter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ja,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: Shift_JIS,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://twitter.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 132
authenticity_token=***&session%5Busername_or_email%5D=asannou&session%5Bpassword%5D=***&q=
HTTP/1.x 302 Moved Temporarily
Date: Sat, 19 Sep 2009 11:15:08 GMT
Server: hi
X-Transaction: 1253358908-35371-10388
Status: 302 Found
Last-Modified: Sat, 19 Sep 2009 11:15:08 GMT
Location: http://twitter.com/
Content-Type: text/html; charset=utf-8
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Expires: Tue, 31 Mar 1981 05:00:00 GMT
X-Revision: 0de0e8b99ab6b1ad7221bc90780a8bd39080a419
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: lang=ja; path=/
Set-Cookie: lang=en; path=/
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=***; domain=.twitter.com; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 95
Connection: close
- What this behavior makes possible
- Any consumer that currently holds an access token
- regardless of its Access type (Read & Write / Read-only)
- can perform every operation available in the web UI except changing the password
- because changing the password requires the current password
- I haven't tried it, but it looks like account deletion would work too
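As an added example (not code from the original post), a small regression check for the behavior described above: it parses the Set-Cookie headers of two constructed responses modelled on the captures (secret values masked with ***) and reports whether the API response issues the same session cookie that the browser login issues. The cookie name `_twitter_sess` comes from the captures; the response texts are constructed samples.

```python
from typing import Dict, List

# Constructed sample responses (header blocks only), modelled on the
# captures in the post; secret values are masked with ***.
API_RESPONSE = """HTTP/1.1 200 OK
Content-Type: application/xml; charset=utf-8
Set-Cookie: lang=en; path=/
Set-Cookie: _twitter_sess=***; domain=.twitter.com; path=/
Status: 200 OK
"""

LOGIN_RESPONSE = """HTTP/1.1 302 Moved Temporarily
Location: http://twitter.com/
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: lang=ja; path=/
Set-Cookie: _twitter_sess=***; domain=.twitter.com; path=/
"""


def set_cookies(raw_response: str) -> Dict[str, Dict[str, str]]:
    """Parse every Set-Cookie header of a raw HTTP response into
    {cookie_name: {"value": ..., "path": ..., "domain": ..., ...}}."""
    cookies: Dict[str, Dict[str, str]] = {}
    for line in raw_response.splitlines():
        header, sep, rest = line.partition(":")
        if not sep or header.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in rest.split(";")]
        name, _, value = parts[0].partition("=")
        attrs = {"value": value}
        for attr in parts[1:]:
            key, _, val = attr.partition("=")
            attrs[key.strip().lower()] = val.strip()
        cookies[name.strip()] = attrs
    return cookies


def shared_session_cookies(api_raw: str, login_raw: str,
                           session_names=("_twitter_sess",)) -> List[str]:
    """Session cookies that the browser login issues and that the API
    response ALSO issues with a non-empty value.  A non-empty result is
    the condition the post describes: an OAuth consumer ends up holding
    a cookie that is valid for the web UI.  An empty value (as in the
    auth_token=; expires=1970 line) is a deletion, not an issuance."""
    api, login = set_cookies(api_raw), set_cookies(login_raw)
    return sorted(n for n in session_names
                  if n in api and n in login
                  and api[n]["value"] and login[n]["value"])
```

Run it against fresh captures of an API call and a browser login; an empty list means the API no longer hands consumers a web-UI session.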