Generate a WorldClient SessionID

11 Responses to “Generate a WorldClient SessionID”

1. A Developer Guy on May 1st, 2008 7:41 am

   I believe that the password should be replaced with XXXXXXX in the log file. If not, its a bug and should be fixed.

2. Dave Warren on May 2nd, 2008 1:35 am

   True — If you use WorldClient’s web server, the password is not logged.

   However, if you use IIS/Apache, or there are proxy servers involved, the password still may get logged.

3. ernesto on May 30th, 2008 7:29 am

   >>The result will return an XML file that will have >>the SessionID. Parse the XML file for the >>SessionID.

   how can I read the resulting XML? is it located in some folder on server??

4. Dave Warren on June 3rd, 2008 6:48 pm

   When you POST the request to Worldclient via HTTP (or HTTPS), the resulting XML is returned in the HTTP request.

   It is not saved to disk anywhere, your script will have to capture the results.

5. brandon on September 24th, 2008 4:04 pm

   I’m looking at using the POST method, or GET as a second resort. Does anyone know if you attempt to login via GET/POST and fail, does that count as a strike against the user in terms of login attempts and lockouts? So after say three logins they would be locked out of worldclient/mdaemon. This might be an issue if there is a possibility of outdated passwords or passwords that are not centralized in a single sign-on. I want to log them in to their mail automatically from a separate program with a browser.

6. Brian Lang on March 13th, 2009 12:44 pm

   It looks like MDaemon 10.0.4 Pro is not returning well-formed XML. Here is a sample of what I’m getting returned (edited to protect the innocent):
   ============================================================
   <caversion>10.0.4 Pro</caversion>
   <session-info>
   <session>ABCDEFG</session>
   <email>username@mail.example.com</email>
   <name>User Name</name>
   <instantmessaging>enabled</instantmessaging>
   <modifyglobalcontacts>disabled</modifyglobalcontacts>
   <calendar>enabled</calendar>
   <groupwareenabled>enabled</groupwareenabled>
   <groupwareuser>disabled</groupwareuser>
   </session-info>
   ============================================================

   I got around the problem by wrapping the returned XML in a root element which I named MDaemon but that’s klutzy. It would be better if MDaemon itself returned well-formed XML.

7. Brandon on July 21st, 2009 11:24 am

   I am able to do all this and login. However when I try to hit the logout page with a GET like I see in their HTML logout button http:/yourserver/WorldClient.dll?Session=XXXXXXX&View=Logout I get the correct page, but the session is staying active, I can refresh an open page such as the inbox for that session and it is still live. I need to be able to ensure a logout. Does anyone have a clue what could be happening?
   I am using WebRequest and WebResponse in ASP.net.

   thanks in advance

8. Brandon on July 21st, 2009 11:44 am

   nevermind on that last post, it was only a cookie error on my part. thanks

9. Brandon on September 25th, 2009 2:17 pm

   I have noticed that once this is done and you obtain a session. The session will time out and end the session. Is there a way to keep the session alive in the background if the user does not visit the worldclient page with that sessionid. Must we imitate the occasional visit or is there a simple post to do this?

10. Brian Lang on November 5th, 2009 2:37 pm

    I’m wondering if there’s a way to retrieve the unread message count via this, or any other method. Is there a documented API for WorldClient?

11. marcin on April 21st, 2011 6:25 am

    I would like to ask is there a best way to “store” user passwords: flat file, LDAP database or maybe AD? witch of these you use.

    maybe some example of working solution… I would like to run “SS-O” with WorldClient on Windows clients.

Leave a Reply