login.asp & Set-Cookie

Dave Cragg dcragg at lacscentre.co.uk
Fri Aug 30 09:49:01 EDT 2002 

At 1:34 pm +0300 30/8/02, sims wrote:
>I am trying to access web page which requires the user to input
>a username & password into a dialog that pops up when one tries to access
>the web page.
>
>I have tried the following:
>
>put tUser & ":" & tPW into tAuthString
>put base64Encode(tAuthString) into tEncString
>put "Authorization: Basic realm=www.someDomain.com" && tEncString into tHeader
>set the httpHeaders to tHeader
>put URL tURL into fld "page"
>
>
>The web page does not appear but...
>From   libUrlLastRhHeaders() I get the following info:
>
>
>HTTP/1.1 302 Object moved
>Server: Microsoft-IIS/5.0
>Date: Fri, 30 Aug 2002 10:19:49 GMT
>MicrosoftOfficeWebServer: 5.0_Pub
>Location: login.asp
>Content-Length: 130
>Content-Type: text/html
>Set-Cookie: ASPSESSIONIDQGGGGWBO=IIJJMGCBHMHHMEDFALDDGDCH; path=/
>Cache-control: private
>Age: 7287
>Via: HTTP/1.1 noc-ts1 (Traffic-Server/4.0.18 [c s f ])
>
>
>
>Questions:
>
>Does the libUrlLastRhHeaders say that after checking & approving the
>username & password a cookie was sent to me?
>
>If above is true, how can I use this cookie info to obtain the web page?
>
>If I am all wrong here (which would not surprise me... ;-) how can I do this?

The response is principally saying that the url you asked for is no 
longer there. (HTTP/1.1 302 Object moved) I don't think any 
authorization took place.

libUrl should try to get the new url. However, I think it is 
expecting a full url in the "Location:" field, and not the relative 
path in this case. Do you know what was returned in the result 
function after the line:

put URL tURL into fld "page"

I would imagine an error of some kind.

I also think that libUrl will not use the httpHeaders you have set 
when it tries to connect to the moved url, so your authorization 
field will be lost. (But a moot point in this case.)

I'll take a look at this area of libUrl and see what improvements can 
be made for the next release.

In the meantime, you might try swapping the final part of the 
original url you connected to with "login.asp" and see what happens. 
For example:

http://www.someserver.com/somefile.html

becomes

http://www.someserver.com/login.asp

Also, are you sure the Authorization field needs the realm 
information? I thought this was only provided by the server to the 
client (so that browsers don't have to prompt users for a password 
each time they return to that realm within a session). Unless you are 
sure you need to provide the realm information, you don't need to set 
the Authorization field yourself. If you include the name and 
password in the url like this:

http://myName:myPassword@www.someserver.com/login.asp

libUrl will set the headers appropriately.

The Cookie field is just asking you to set a cookie. It's up to you 
what you do with this. Typically you store it, and return it in a 
header when you connect to that url again.


Cheers
Dave

More information about the use-livecode mailing list