LWP with SSL and Cookies....

So here is what I have so far, this is my attempt to manually insert
cookie data into the request header:

use HTTP::Request;
use LWP::UserAgent;

$ua = LWP::UserAgent->new(keep_alive => 1);
$ua->agent('Mozilla/5.0');

# Initial non-ssl request to www.intervalworld.com:
#
# Grabs JSESSIONID cookie

my $response_a = $ua->get("http://www.intervalworld.com");
my $cookie = $response_a->header("set-cookie");

# $cookie now contains my JSESSIONID data

# Now for my second request that requires the above cookie

my $req = new HTTP::Request 'POST','https://secure.intervalworld.com/web/cs';
$req->content_type('application/x-www-form-urlencoded');
$req->content('a=5&loginID=XXX&loginPassword=XXX&rememberMe= y');
$req->header('set-cookie' => "$cookie");
my $res = $ua->request($req);

print $res->as_string;

# The above prints a 500 error from WebSphere, the same
# kind of error I get if cookies were disabled in browser.



First question, does the above look correct? Is that how you can insert
the cookie data into the second request?

The other thing I thought about was maybe the server only accept requests
that have an appropriate referring URL. Since you have to hit,
www.intervalworld.com first, the POST to secure.intervalworld.com would
have www.intervalworld.com as the referring URL, something my perl script
lacks. How can I spoof the referring URL? I remember seeing how to do this
online awhile back, but cant find it.

Thanks

RE: LWP with SSL and Cookies....

Actually, I just got it to work... I know Fabio was interested, so later
tonight I'll post the working code. Did some re-arranging of the
cookie_jar logic.

Thanks

Re: LWP with SSL and Cookies

Here is the code that I got working which successfully uses the cookie
from the first request in order to POST a login to the second request.

use HTTP::Cookies;
use HTTP::Request;
use LWP::UserAgent;

# First HTTP request to mainpage (get initial cookie)

my $ua1 = LWP::UserAgent->new(keep_alive => 1);
$ua1->agent('Mozilla/5.0');
my $req = new HTTP::Request 'GET','http://www.intervalworld.com/web/cs';
my $cookie_jar = HTTP::Cookies->new;
$ua1->cookie_jar($cookie_jar);

my $res = $ua1->request($req);

print $res->as_string;

# Now for my second request that requires the above cookie for login

$req = new HTTP::Request 'POST','https://secure.intervalworld.com/web/cs';
$req->content_type('application/x-www-form-urlencoded');
$req->content('a=5&loginID=XXX&loginPassword=XXX&rememberMe= y');
$req->referrer('http://www.intervalworld.com/web/cs?a=5');
$res = $ua1->request($req);

print $res->as_string;


Cookie works as expected here. Could just have been how I was using it in
earlier attemps. Since I re-use $ua1 (which contains the valid cookie
objects for the session) I can continue to hit pages internal to the site
which require authentication.

Re: LWP with SSL and Cookies

Thanks to your suggestions I have made some steps ahead, even if not
reaching the full solution. I have discovered that I have to go thru 2
urls to get 2 different cookies (a JSESSIONID and another one) which
will then be sent with the authorization POST code.

Anyhow the last POST always brings me to an error page. I have studied
this page, and it has at the very top the following javascript:

**************************************************

*********************************************************

Of course this form will be automatically submitted and brings me to
the error page.
How can I get rid of that: if(top.location !=3D self.location) ???

Re: LWP with SSL and Cookies

I have followed john's suggestion, but still have this problem.
Looking into the response header from the web server, I have this
line:

Set-Cookie: JSESSIONID=3DDpliYuMrBA3YhPg3RhgAtKrAQPFNq17N6Orhghg5TkgUugE am0=
Tu!-812882274;
path=3D/

but the cookie is not really saved in the cookie file, so the
application won't get access...

I have setup cookies this way:

my $cookie_jar =3D HTTP::Cookies->new(file=3D>"testcookies.txt", autosave=
=3D>1);

$ua->cookie_jar($cookie_jar);

In the file testcookies.txt I can find the other cookies but not the
JSESSIONID...

Re: LWP with SSL and Cookies

Fabio Marzocca writes:

> I have followed john's suggestion, but still have this problem.

If you turn on "tracing" with "use LWP::Debug '+';" then HTTP::Cookies
will print some output that explains why it ignoed this cookie.

--Gisle


> Looking into the response header from the web server, I have this
> line:
>
> Set-Cookie: JSESSIONID=DpliYuMrBA3YhPg3RhgAtKrAQPFNq17N6Orhghg5TkgUugEam 0Tu!-812882274;
> path=/
>
> but the cookie is not really saved in the cookie file, so the
> application won't get access...
>
> I have setup cookies this way:
>
> my $cookie_jar = HTTP::Cookies->new(file=>"testcookies.txt", autosave=>1);
>
> $ua->cookie_jar($cookie_jar);
>
> In the file testcookies.txt I can find the other cookies but not the
> JSESSIONID...

Re: LWP with SSL and Cookies

On 03 Nov 2005 02:44:18 -0800, Gisle Aas wrote:
>
> If you turn on "tracing" with "use LWP::Debug '+';" then HTTP::Cookies
> will print some output that explains why it ignoed this cookie.


From tracing I got this line:

HTTP::Cookies::add_cookie_header: - checking cookie
JSESSIONID=3DDprL1yOJ4bgEWHCApQD2gP7ZLV1WrLIrRyfEvgyauq80weW ksHlN!-81288227=
4
HTTP::Cookies::add_cookie_header: it's a match

It seems the cookie is set, but it is not in the cookies' file..

Re: LWP with SSL and Cookies

What does this line mean:

LWP::UserAgent::_need_proxy: Not proxied


I do not have any proxy..