RE: Post fails with 302, returns same page

From: David Carter
Date: August 20, 2003 03:38
Subject: RE: Post fails with 302, returns same page
Message ID: 002b01c36707$07adab80$0201a8c0@bellsouth.net

I believe these two lines are the key to your problem:


> >'_rc' => 302
>   'location' => '/file/index.aspx'

It appears that your login has succeeded, and you are being redirected to
the index page. Your program now needs to send a GET for /file/index.aspx

This is very common in web apps that use application-level security. A
successful login results in a redirect. Why?  So that a refresh from the
index page does not result in re-processing of the login. 

It is a pet peeve of mine that a 302 response to a POST is not considered to
be redirectable by default in LWP.  Search the mailing list archives for
code that makes LWP handle this automatically. I don't have a copy handy or
I would include it - it's only a few lines.

I would also recommend taking a look at WWW::Mechanize -- it is a client
built on LWP that automates a lot of the form handling you're doing in your
script.





---
David Carter
david@carter.net


> >-----Original Message-----
> >From: Randall Perry [mailto:rgp@systame.com]
> >Sent: Tuesday, August 19, 2003 9:16 PM
> >To: libwww@perl.org
> >Subject: Post fails with 302, returns same page
> >
> >Am trying to automate access to a site which allows file upload. The 1st
> >page is for login. The 2nd page is for file upload, which loads upon
> >successful login from page 1. Code for these pages is written for .NET and
> >running on IIS 6 (domain names changed to protect the guilty in code below).
> >
> >I've used the Perl & LWP book as a guide and done everything I can think of
> >to post the form for the 1st page (like taking care of cookies, adding
> >authentic UA headers, adding Referrer) but it keeps spitting back the same
> >login page with a 302 status code. Login works fine in any browser I try
> >(IE, Safari, Camino).
> >
> >Below are details of the login page form, my perl code to access it, and the
> >response headers for the failed post. I've about exhausted my resources on
> >this and would appreciate any info on how to make this work.
> >
> >TIA
> >
> >
> >-------------------------------------------------------------------------
> >---
> >
> >************************************
> >The login page form has these fields
> >************************************
> >
> >    name = __VIEWSTATE, type = hidden
> >    UcLogin1:txtUsername, type = text
> >    UcLogin1:txtPassword, type = text
> >    UcLogin1:cmdLogin, type = submit
> >
> >It also sets these cookies:
> >.AUTHCOOKIE=3A3559513B6D1445231E8DF5BEBA661CE4D7CEEEFEB5FE08C9E025AE37697
> >BFF
> >F7AC2DB7C411E0043B6447400A5C29A1CD776B2BF2566EB18CB12021218C8C87E76FB226B
> >1DB
> >A587; path="/"; domain="acme.com"; path_spec; discard; version=0
> >
> >ASP.NET_SessionId=aol32cirlssfxoedaunelz55; path="/"; domain="acme.com";
> >path_spec; discard; version=0
> >
> >ASP.NET_SessionId=1z42nverpm5alkfkryntkk3t; path="/";
> >domain="www.acme.com";
> >path_spec; discard; version=0
> >
> >
> >************
> >My perl code
> >************
> >
> >use LWP::UserAgent;
> >
> >$browser = LWP::UserAgent->new;
> >
> >$browser->cookie_jar( {} );            # enable cookies
> >$response = $browser->get("https://www.acme.com/file/");
> >$doc = $response->content;
> ># grab hidden viewstate form variable and add to $form_vars
> >$doc =~ m/name="__VIEWSTATE" value="(.*?)"/;
> >$viewstate = $1;
> >
> ># form action
> >$https_url = 'https://acme.com/file/login.aspx?ReturnUrl=%2ffile%2findex.aspx';
> >%form_headers =  (
> >    'Referer' => 'https://acme.com/File/login.aspx?ReturnUrl=%2ffile%2findex.aspx',
> >    'User-Agent' => 'Mozilla/4.76 [en] (Win98; U)',
> >    'Accept-Language' => 'en-US',
> >    'Accept-Charset' => 'iso-8859-1,*,utf-8',
> >    'Accept-Encoding' => 'gzip',
> >    'Accept' => "image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*",
> >    );
> >
> >push(@$form_vars, '__VIEWSTATE'  => $viewstate);             # hidden var
> >push(@$form_vars, 'UcLogin1:txtUsername'  => 'uname');       # username
> >push(@$form_vars, 'UcLogin1:txtPassword'  => 'pword');       # password
> >push(@$form_vars, 'UcLogin1:cmdLogin'  => 'Login');          # named submit button with value
> >
> >$response = $browser->post($https_url, $form_vars, %form_headers);  # post login form
> >$doc = $response->content;
> >print $doc;
> >
> >**************************
> >Returned headers from post
> >**************************
> >'_headers' => HTTP::Headers=HASH(0x9b6d60)
> >   'cache-control' => 'private'
> >   'client-date' => 'Wed, 20 Aug 2003 00:29:23 GMT'
> >   'client-response-num' => 1
> >   'client-ssl-cert-issuer' => '/C=GB/O=Comodo Limited/OU=Comodo Trust
> >Network/OU=Terms and Conditions of use:
> >http://www.comodo.net/repository/OU=(c)2002 Comodo Limited/CN=Comodo
> >Class 3
> >Security Services CA'
> >   'client-ssl-cert-subject' =>
> >'/C=US/2.5.4.17=46615/ST=Florida/L=Orlando/2.5.4.9=ORLANDO/2.5.4.9=3024
> >FLAMINGO AVE./O=ACME Inc/OU=ACME Inc/OU=InstantSSL Pro/CN=www.acme.com'
> >   'client-ssl-cipher' => 'RC4-MD5'
> >   'client-ssl-warning' => 'Peer certificate not verified'
> >   'content-length' => 2993
> >   'content-type' => 'text/html; charset=utf-8'
> >   'date' => 'Wed, 20 Aug 2003 00:29:24 GMT'
> >   'location' => '/file/index.aspx'
> >   'microsoftofficewebserver' => '5.0_Pub'
> >   'server' => 'Microsoft-IIS/6.0'
> >   'set-cookie' => ARRAY(0x36c2c0)
> >      0  'ASP.NET_SessionId=aol32cirlssfxoedaunelz55; path=/'
> >      1
> >'.AUTHCOOKIE=3A3559513B6D1445231E8DF5BEBA661CE4D7CEEEFEB5FE08C9E025AE3769
> >7BF
> >FF7AC2DB7C411E0043B6447400A5C29A1CD776B2BF2566EB18CB12021218C8C87E76FB226
> >B1D
> >BA587; path=/'
> >   'title' => 'Object moved'
> >   'x-aspnet-version' => '1.1.4322'
> >   'x-powered-by' => 'ASP.NET'
> >'_msg' => 'Found'
> >'_protocol' => 'HTTP/1.1'
> >'_rc' => 302
> >'_request' => HTTP::Request=HASH(0x988a34)
> >   '_content' =>
> >'__VIEWSTATE=dDwxNjEzNDcwNTY3Ozs%2BL8uvsmCZLzJf4Is91Q%2FsUSKiZxk%3D&UcLog
> >in1
> >%3AtxtUsername=tasbill&UcLogin1%3AtxtPassword=tasbill&UcLogin1%3AcmdLogin
> >=Lo
> >gin'
> >   '_headers' => HTTP::Headers=HASH(0x98a75c)
> >      'accept' => 'image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
> >image/png, */*'
> >      'accept-charset' => 'iso-8859-1,*,utf-8'
> >      'accept-encoding' => 'gzip'
> >      'accept-language' => 'en-US'
> >      'content-length' => 154
> >      'content-type' => 'application/x-www-form-urlencoded'
> >      'referer' =>
> >'https://acme.com/File/login.aspx?ReturnUrl=%2ffile%2findex.aspx'
> >      'user-agent' => 'Mozilla/4.76 [en] (Win98; U)'
> >   '_method' => 'POST'
> >   '_uri' => URI::https=SCALAR(0x9604b8)
> >      ->
> >'https://acme.com/file/login.aspx?ReturnUrl=%2ffile%2findex.aspx'
> >
> >
> >
> >--
> >Randall Perry
> >sysTame
> >
> >Xserve Web Hosting/Co-location
> >Website Development/Promotion
> >Mac Consulting/Sales
> >
> >http://www.systame.com/
> >
> >
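
The follow-up GET described in the reply, as an added example that is not part of either original message: it resolves the relative `Location` from the 302 against the login URL and only follows it when the target keeps the same scheme and host, so the freshly issued auth cookie is not replayed elsewhere. The helper name `follow_up_request` is hypothetical, and the response object is constructed inline from the headers quoted in the thread.

```perl
use strict;
use warnings;
use HTTP::Request;
use HTTP::Response;
use URI;

# Build the GET that should follow a 302/303 answer to a login POST.
# Returns an HTTP::Request, or undef when the response is not a redirect
# or the target leaves the scheme/host the credentials were sent to.
sub follow_up_request {
    my ($response) = @_;
    return undef unless $response->code == 302 || $response->code == 303;

    my $location = $response->header('Location');
    return undef unless defined $location && length $location;

    # Location may be relative ('/file/index.aspx'), so resolve it
    # against the URI of the request that produced this response.
    my $origin = $response->request->uri;
    my $target = URI->new_abs($location, $origin);

    # Only follow to the same scheme and host; cookies set by the login
    # must not be replayed to a different site or over plain http.
    return undef unless $target->scheme eq $origin->scheme;
    return undef unless lc $target->host eq lc $origin->host;

    return HTTP::Request->new(GET => $target);
}

# Constructed sample mirroring the request and response quoted in the thread.
my $post = HTTP::Request->new(
    POST => 'https://acme.com/file/login.aspx?ReturnUrl=%2ffile%2findex.aspx');
my $resp = HTTP::Response->new(302, 'Found',
    [ Location => '/file/index.aspx' ]);
$resp->request($post);

my $next = follow_up_request($resp);
print $next ? $next->method . ' ' . $next->uri . "\n" : "not followed\n";

# With a live LWP::UserAgent ($browser in the thread) the request is sent as
#   $response = $browser->request($next);
# which reuses the same cookie jar. LWP can also be told to follow
# redirects after a POST on its own:
#   push @{ $browser->requests_redirectable }, 'POST';
```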



