On 3/14/07, sebb <[EMAIL PROTECTED]> wrote:
On 14/03/07, robert lazarski <[EMAIL PROTECTED]> wrote:
> On 3/14/07, sebb <[EMAIL PROTECTED]> wrote:
> > On 14/03/07, robert lazarski <[EMAIL PROTECTED]> wrote:
You may need the referer (sic) header.
> Cookie: JSESSIONID=8EF794277593CDAE19A765619417894C
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 92
> j_username=xxx%40yahoo.com&j_password=yyy1&submit.x=22&submit.y=9&submit=Login
> HTTP/1.x 302 Moved Temporarily
> Server: Apache-Coyote/1.1
> X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0
> date=200610162339)/Tomcat-5.5
> Location: http://penguin.wazollc.net:8080/at/
> Content-Length: 0
> Date: Wed, 14 Mar 2007 17:13:58 GMT
> ----------------------------------------------------------
> http://penguin.myserver.net:8080/at/
>
> GET /at/ HTTP/1.1
> Host: penguin.wazollc.net:8080
> User-Agent: Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.8.1)
> Gecko/20061023 SUSE/2.0-30 Firefox/2.0
> Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,pt-br;q=0.8,en;q=0.5,pt;q=0.3
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> Referer: http://penguin.myserver.net:8080/at/public/index.jsp
> Cookie: JSESSIONID=8EF794277593CDAE19A765619417894C
>
> HTTP/1.x 200 OK
> Server: Apache-Coyote/1.1
> X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0
> date=200610162339)/Tomcat-5.5
>
OK, I figured out how to pass the cookie via the url by teminating
with ;jsessionid . So after logging in with this url and the
parameters set:
/at/j_acegi_security_check
That returns a cookie. I can then send this url:
/at/j_acegi_security_check;jsessionid=2434FB90D8E1983245436D0C517898BF
And it will acknowledge is was already authenticated. The problem:
That won't work for the next data request. I can pass this url and it
will indeed get past the authentication:
/at/smartclient.form;jsessionid=2434FB90D8E1983245436D0C517898BF
However, that will throw an exception because /at/smartclient.form is
expecting params. For example, this would be ideal:
/at/smartclient.form?is_isc_rpc=true&isc_clientVersion=5.6b2&iscTNum=0;jsessionid=2434FB90D8E1983245436D0C517898BF
but the authentication does not acknowledge the cookie. I cannot get
the cookie manager to pass this cookie manually or automatically as
done with ;jsession to indicate previous authentication to either the
login or to smartclient.form.
Any ideas?
Robert
I can pass the login url with ;jessionid and the cookie returned from
the first login and it will acknowledge that it was previously
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
