login.asp & Set-Cookie
dcragg at lacscentre.co.uk
Fri Aug 30 09:49:01 EDT 2002
At 1:34 pm +0300 30/8/02, sims wrote:
>I am trying to access web page which requires the user to input
>a username & password into a dialog that pops up when one tries to access
>the web page.
>I have tried the following:
>put tUser & ":" & tPW into tAuthString
>put base64Encode(tAuthString) into tEncString
>put "Authorization: Basic realm=www.someDomain.com" && tEncString into tHeader
>set the httpHeaders to tHeader
>put URL tURL into fld "page"
>The web page does not appear but...
>From libUrlLastRhHeaders() I get the following info:
>HTTP/1.1 302 Object moved
>Date: Fri, 30 Aug 2002 10:19:49 GMT
>Set-Cookie: ASPSESSIONIDQGGGGWBO=IIJJMGCBHMHHMEDFALDDGDCH; path=/
>Via: HTTP/1.1 noc-ts1 (Traffic-Server/4.0.18 [c s f ])
>Does the libUrlLastRhHeaders say that after checking & approving the
>username & password a cookie was sent to me?
>If above is true, how can I use this cookie info to obtain the web page?
>If I am all wrong here (which would not surprise me... ;-) how can I do this?
The response is principally saying that the url you asked for is no
longer there. (HTTP/1.1 302 Object moved) I don't think any
authorization took place.
libUrl should try to get the new url. However, I think it is
expecting a full url in the "Location:" field, and not the relative
path in this case. Do you know what was returned in the result
function after the line:
put URL tURL into fld "page"
I would imagine an error of some kind.
I also think that libUrl will not use the httpHeaders you have set
when it tries to connect to the moved url, so your authorization
field will be lost. (But a moot point in this case.)
I'll take a look at this area of libUrl and see what improvements can
be made for the next release.
In the meantime, you might try swapping the final part of the
original url you connected to with "login.asp" and see what happens.
Also, are you sure the Authorization field needs the realm
information? I thought this was only provided by the server to the
client (so that browsers don't have to prompt users for a password
each time they return to that realm within a session). Unless you are
sure you need to provide the realm information, you don't need to set
the Authorization field yourself. If you include the name and
password in the url like this:
libUrl will set the headers appropriately.
The Cookie field is just asking you to set a cookie. It's up to you
what you do with this. Typically you store it, and return it in a
header when you connect to that url again.
More information about the Use-livecode