Getting data from a secure web page

Sarah Reichelt sarah.reichelt at gmail.com
Wed Feb 3 19:40:43 EST 2010


OK, I think I'm going round in every decreasing circles.... but I
thought I would describe the steps I am taking, in case anyone else
found it useful.


Using Firefox and Firebug to check what is going on, I see the following:

I connect to <https://memberservices.optuszoo.com.au/login/?target=/myusage/>.
I enter my details and these get POST'ed.
The result is a 302 that redirects to
<https://memberservices.optuszoo.com.au/myusage/>, using GET with no
parameters.
This page has the data that I need.

As far as I can see, there are no authentication headers, although
there is response header: "Set-Cookie:global_auth=....".

But checking the request headers for the second page (after the 302),
I see that there was a header:
"Cookie:JSESSIONID=444F4BE5150F4897E7B2A88BB12E7D5D; global_auth=..."

Not surprisingly, the global_auth section of the Cookie matches
global_auth section of the Set-Cookie response from the original page.
The JSESSIONID seems to be generated by the browser as part of the
original request.

Setting the httpHeaders to this and using
get URL "https://memberservices.optuszoo.com.au/myusage/"
with no user name & password supplied, did give me the data I
needed.... sometimes :-(


Both the JSESSIONID and the global_auth vary on repeated tests,
although I can see my user name embedded in the global_auth, as well
as a consistent set of numbers that is presumably my password
encrypted.

I have found that sometimes I get a JSESSIONID returned as part of the
libURLLastRHHeaders() from the login page, and sometimes I get the
global_auth. But I haven't been able to predict what I will get. If I
don't get the global_auth, then even using a previous JSESSIONID &
global_auth does not seem to work.

Sigh.....


Trevor, I downloaded your framework and got the modified libURL, but
the stack won't open - it says it is corrupt. I wonder is this due to
the multi-dimensional arrays stored as custom properties bug?
I opened the stack in a text editor and copied the scripts into a new
stack and tried using it instead, but not even a basic "get" worked
then, so I can't have done that right.

So a few questions for Trevor:
- is there a version of your libURL that opens in Rev 4.0 or 4.5?
- how do I make it the default instead of the current one?
- how do I set up the callback? I am familiar with using callbacks for
the asynchronous FTP commands but then I create a handler that gets
the callback message and processes it. What do I need to do in this
callback handler to make it follow the redirect?


Jim, I found your earlier thread about this sort of thing, but even
following your advice about headers, I still can't get it to work
reliably.

Thanks everyone for your patience and helpful suggestions.

Cheers,
Sarah



More information about the Use-livecode mailing list