Bug in cookies in libwww-perl-5.803

Bug in cookies in libwww-perl-5.803

am 29.07.2005 01:46:48 von mysql

I'm trying to write a perl program to access the configuration of a VOIP
telephone through its web interface. The web interface assigns you a
session id cookie once you've logged in. It works with browsers but not
with libwww-perl5.803 as shipped with Fedora Core 4.

Here is the set-cookie header:
Set-Cookie: SessionId="ab6931f2c09b05c9"; Version=1; Path=/


Here is the correct cookie being sent (by Firefox):
Cookie: SessionId="bf754500cc94652f"

Here is the cookie being sent by LWP:
Cookie: $Version=1; SessionId="\"ab6931f2c09b05c9\""; $Path="/"

These cookies were captured with tcpdump and processed with ethereal.

Here is the perl code that I'm using:
=========================================
my $url="http://$address/";

# Set up the user agent:
my $ua=LWP::UserAgent->new;
$ua->cookie_jar({}); # Store cookies
$ua->timeout(3); # Set timeout

# Get the login page:
my $request=HTTP::Request->new(GET => $url);
my $response=$ua->request($request);

# Parse the form on the login page
my $form=HTML::Form->parse($response->content,$url);

# Stuff in the password
$form->value('P2' => $password);

# Submit it
$response = $ua->request($form->click);

# Get status page
$request=HTTP::Request->new(GET => "${url}status.htm");
$response=$ua->request($request);

# Show the results
my $r2=$response->content;
print "Response2:\n$r2\n";
=============================================
The output of this code is the login page, not the status page, because
the cookies have been tossed... er, mangled.

This appears to be the way to handle a temporary cookie jar, according
to http://search.cpan.org/dist/libwww-perl/lib/HTTP/Cookies.pm

And this is talking to a Grandstream Budgetone 100 SIP phone, in case
you're interested.

Also, I just modified this code to use a file for cookie storage, but
the cookie is still wonky.
-------------------------------------
#$ua->cookie_jar( {} ); # Store cookies temporarily
my $cookie_jar = HTTP::Cookies->new(
file=>"/tmp/lwp_cookies.dat",
autosave=>1,
);
$ua->cookie_jar($cookie_jar); # Store cookies
-------------------------------------
In addition, the /tmp/lwp_cookies.dat file doesn't contain any
cookies, just a comment line:

#LWP-Cookies-1.0

Re: Bug in cookies in libwww-perl-5.803

am 31.07.2005 17:05:15 von jjl

On Thu, 28 Jul 2005, Mysql user wrote:

> I'm trying to write a perl program to access the configuration of a VOIP
> telephone through its web interface. The web interface assigns you a
> session id cookie once you've logged in. It works with browsers but not
> with libwww-perl5.803 as shipped with Fedora Core 4.
>
> Here is the set-cookie header:
> Set-Cookie: SessionId="ab6931f2c09b05c9"; Version=1; Path=/
>
>
> Here is the correct cookie being sent (by Firefox):
> Cookie: SessionId="bf754500cc94652f"
>
> Here is the cookie being sent by LWP:
> Cookie: $Version=1; SessionId="\"ab6931f2c09b05c9\""; $Path="/"
[...]

Have you tried turning off RFC 2965 handling?

Even then, perhaps Version 1 cookies won't be downgraded to V0 cookies,
I don't recall. But try it and see.


John