On 06/12/2007, Joseph Jupin <[EMAIL PROTECTED]> wrote: > On Thu, 6 Dec 2007 17:29:13 +0000 > sebb <[EMAIL PROTECTED]> wrote: > ... > >> > Here's the gist of the problem: > >> > > >> > Cookies are not enabled on your browser. Please adjust this in > >> >your > >> > security preferences before continuing > >> > > >> > yep - that's what I get back no matter what I do now. yes, I make > >> > sure the cookies look like a valid session from a browser. I've > >> >gone > >> > into firefox and pulled out all the cookies made for this domain - > >> >and > >> > mimic'd each and every one. > >> > >> You can't normally re-use cookies from another session. > >> > > ummm - why not? they're nothing but name-value pairs, rite? > So, if I copy those values - I should be able to mimic what's been > put in there, rite? Most of the time, the cookies are only written at > the beginning and then the next times they're just read for things > like timeout parameters, login values, etc. So, mimic-ing one > shouldn't be that big a deal, I would think.
For security reasons, cookie values that represent sessions are normally some "random" string to prevent them being guessed. The server will normally expire them after a short while, and may perform other legitimacy checks (e.g. match against IP address that was used when the cookie was generated). > Anyhoo - I'll look into that - but I think you missed the point to my > message. The message being returned is that the site is thinks that > cookies are not turned on! Sooooo - is there some parameter or > setting that needs to be set in the CookieSpec or Client to let it > know that cookies are turned on? How exactly does this work? The server might not find the correct cookie name or the correct value, or it may want cookies provided as a single line rather than multiple headers. > Just so you know - I've mapped the set-cookie calls and they're all > read and properly set - I output both the name and the attribute value > and compare against the cached values - each time it was a perfect > match. > other than maybe a time differential issue or time expiration problem, > I can't see that my cookie creation is the problem - I believe it's a > setting that needs to occur. Anybody know this? > > cool. > > peace. JOe... > > > >> > > >> > Yes, I've tried emulating different Browsers. My current one is > >> >set > >> > to Mozilla 5.0. > >> > > >> > I've gotten rid of the dread httpOnly tag by re-writing the > >> > CookieSpecBase class to ignore this parameter. From what I can > >> >tell, > >> > the site only sends it - it never tries to recover it - and the > >> >cookie > >> > itself doesn't even seem to store it as an attribute of the > >> >session. > >> > > >> > So, has anyone else seen this message - or could maybe direct me > >> >to > >> > possible solutions? > >> > >> Are you sure that the application is logging in correctly? > >> > > yes - it is. When the values for logging in (login and password) are > passed in through the cookies and through the calls - the site comes > back with the login value pulled in to the login field with that error > message - so it definitely knows that it's the login value - and I > know for a fact that the password is correct. > > > >> > The next thing I'm going to try is to attach a mechanism to watch > >> >how > >> > the cookie is formatted coming down and installed on a browser and > >> >see > >> > if it differs much from mine - and - vice versa - how the cookie > >> >looks > >> > going up and seeing if I match it. > >> > >> HttpClient supports logging: > >> > >> http://jakarta.apache.org/httpcomponents/httpclient-3.x/logging.html > > yes - I know this - I have both the wire debugging on and regular > debugging to see all the messages going by. I don't think I'm missing > anything. > > Just as an aside - how do I know the values for the cookies are loaded > to the site. That is - do they have a format on how to pass the data > (ie, "semi-colon" separate list of name-value pairs - what?)... Does > this make sense? > > peace. JOe... > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
