Attacked is a piece of code which first hits the login page
successfully and receives back login cookies. But then when I attempt
to hit a page which is restricted to logged in users only, I fail.
That seems to be because I am not successfully re-attaching the cookies
to the header portion of the this request. I have tried 2 methods
which should both work I think. The first was to use install_opener to
attach the cookie handler back to urlopen. The second method was to
use the cookiehandler method add_cookie_header. But in both cases,
before sending out the 2nd request, it seems to have empty headers --
which indicates to me that the necessary cookies have not been
attacked.
I also tryed messing with the policy quite a bit, thinking that might
be causing the cookies not to be returned. First I used the default,
then set some flags on the default, then even overrode methods on the
default to make it as lenient as possible. This had no apparent
effect.
Thanks a lot!
Below I have pasted the most relevant code section, as well as my full
code file. Apologies for all the comments, but I wanted to show what I
had tried.
-----------------
RELEVANT CODE (snipped from full code)
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE
the_url =
"http://www.dpreview.com/forums/login.asp?jump=editprofile.asp"
req = urllib2.Request(the_url)
#print "headers:", req.headers
#cj.add_cookie_header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY - BUT THEY ARE EMPTY,
# NO COOKIES RETURNED?
print "headers:", req.headers
# THIS OPEN FAILS - I GET - "NEED TO LOGIN" PAGE
#handle = opener.open(req)
handle = urllib2.urlopen(req)
the_page = handle.read()
-----------------
FULL CODE
#!/usr/bin/python
import urllib
import urllib2
import re
import os
from cookielib import *
class MyCookiePolicy(DefaultCookiePolicy):
def __init__(self):
DefaultCookiePolicy.__init__(self, rfc2965=True,
hide_cookie2=False, strict_ns_domain=DefaultCookiePolicy.DomainLiberal )
def set_ok(self, cookie, request):
return True
def return_ok(self, cookie, request):
return True
def domain_return_ok(self, cookie, request):
return True
def path_return_ok(self, cookie, request):
return True
the_url = 'http://www.dpreview.com/forums/login_post.asp'
user_agent = 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)'
values = {
'email' : '****',
'password' : '****',
#"remember" : "checked", # <- create permanent cookie
'jump' : "/forums/"
}
# also "remember" : "remember"
# INITIAL REQUEST WITH USER INFO
headers = { 'User-Agent' : user_agent }
data = urllib.urlencode(values)
req = urllib2.Request(the_url, data, headers)
# COOKIE POLICY
# tried using several configurations of the default cookie policy
#policy = DefaultCookiePolicy(rfc2965=True, hide_cookie2=False,
strict_ns_domain=DefaultCookiePolicy.DomainLiberal )
# tried using my own custom cookie policy
#policy = MyCookiePolicy()
policy = DefaultCookiePolicy(rfc2965=True, hide_cookie2=False)
# CREATE COOKIE JAR WITH POLICY
cj = MozillaCookieJar()
cj.set_policy(policy)
# CREATE OPENER, AND OPEN PAGE
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(c j))
urllib2.install_opener(opener)
#handle = opener.open(req)
handle = urllib2.urlopen(req)
the_page = handle.read()
# SHOW COOKIES COLLECTED - LOOKS GOOD HERE
for c in cj:
print "COOKIE:", c
print "URL:", handle.geturl()
print "INFO:", handle.info()
#DEMONSTRATE WE'RE LOGGED IN
for line in the_page.split('\n'):
line = line.strip()
if re.search("Welcome to the", line):
print "MESSAGE:", line
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE
# - tried using the install_opener above
# - tried using add_cookie_header
# - either way, can't seem to get cookies in the header of this request
the_url =
"http://www.dpreview.com/forums/login.asp?jump=editprofile.asp"
req = urllib2.Request(the_url)
#print "headers:", req.headers
#cj.add_cookie_header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY
print "headers:", req.headers
#handle = opener.open(req)
handle = urllib2.urlopen(req)
the_page = handle.read()
# THIS ALSO PROVES LOGIN-STATE WAS LOST
for line in the_page.split('\n'):
line = line.strip()
if re.search("To access", line):
print "MESSAGE:", line
print "URL:", handle.geturl()
print "INFO:", handle.info()
2  2208 
NEVERMIND. My friend pointed out that I am simply hitting the wrong
URL when trying to "test" whether I am logged in or not. The correct
one is: http://www.dpreview.com/forums/editprofile.asp
But I still have one question, if anyone knows -- why is it that when I
print out the headers on my request object, they are empty? I thought
that I should find the cookies there which are being sent back. This
is what I thought the problem was. Thanks if anyone can explain how
that works.
John
(PS i have stopped attacking the cookies now) jo**********@gmail.com wrote: Attacked is a piece of code which first hits the login page
successfully and receives back login cookies. But then when I attempt
to hit a page which is restricted to logged in users only, I fail.
That seems to be because I am not successfully re-attaching the cookies
to the header portion of the this request. I have tried 2 methods
which should both work I think. The first was to use install_opener to
attach the cookie handler back to urlopen. The second method was to
use the cookiehandler method add_cookie_header. But in both cases,
before sending out the 2nd request, it seems to have empty headers --
which indicates to me that the necessary cookies have not been
attacked.
I also tryed messing with the policy quite a bit, thinking that might
be causing the cookies not to be returned. First I used the default,
then set some flags on the default, then even overrode methods on the
default to make it as lenient as possible. This had no apparent
effect.
Thanks a lot!
Below I have pasted the most relevant code section, as well as my full
code file. Apologies for all the comments, but I wanted to show what I
had tried.
-----------------
RELEVANT CODE (snipped from full code)
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE
the_url =
"http://www.dpreview.com/forums/login.asp?jump=editprofile.asp"
req = urllib2.Request(the_url)
#print "headers:", req.headers
#cj.add_cookie_header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY - BUT THEY ARE EMPTY,
# NO COOKIES RETURNED?
print "headers:", req.headers
# THIS OPEN FAILS - I GET - "NEED TO LOGIN" PAGE
#handle = opener.open(req)
handle = urllib2.urlopen(req)
the_page = handle.read()
-----------------
FULL CODE
#!/usr/bin/python
import urllib
import urllib2
import re
import os
from cookielib import *
class MyCookiePolicy(DefaultCookiePolicy):
def __init__(self):
DefaultCookiePolicy.__init__(self, rfc2965=True,
hide_cookie2=False, strict_ns_domain=DefaultCookiePolicy.DomainLiberal )
def set_ok(self, cookie, request):
return True
def return_ok(self, cookie, request):
return True
def domain_return_ok(self, cookie, request):
return True
def path_return_ok(self, cookie, request):
return True
the_url = 'http://www.dpreview.com/forums/login_post.asp'
user_agent = 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)'
values = {
'email' : '****',
'password' : '****',
#"remember" : "checked", # <- create permanent cookie
'jump' : "/forums/"
}
# also "remember" : "remember"
# INITIAL REQUEST WITH USER INFO
headers = { 'User-Agent' : user_agent }
data = urllib.urlencode(values)
req = urllib2.Request(the_url, data, headers)
# COOKIE POLICY
# tried using several configurations of the default cookie policy
#policy = DefaultCookiePolicy(rfc2965=True, hide_cookie2=False,
strict_ns_domain=DefaultCookiePolicy.DomainLiberal )
# tried using my own custom cookie policy
#policy = MyCookiePolicy()
policy = DefaultCookiePolicy(rfc2965=True, hide_cookie2=False)
# CREATE COOKIE JAR WITH POLICY
cj = MozillaCookieJar()
cj.set_policy(policy)
# CREATE OPENER, AND OPEN PAGE
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(c j))
urllib2.install_opener(opener)
#handle = opener.open(req)
handle = urllib2.urlopen(req)
the_page = handle.read()
# SHOW COOKIES COLLECTED - LOOKS GOOD HERE
for c in cj:
print "COOKIE:", c
print "URL:", handle.geturl()
print "INFO:", handle.info()
#DEMONSTRATE WE'RE LOGGED IN
for line in the_page.split('\n'):
line = line.strip()
if re.search("Welcome to the", line):
print "MESSAGE:", line
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE
# - tried using the install_opener above
# - tried using add_cookie_header
# - either way, can't seem to get cookies in the header of this request
the_url =
"http://www.dpreview.com/forums/login.asp?jump=editprofile.asp"
req = urllib2.Request(the_url)
#print "headers:", req.headers
#cj.add_cookie_header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY
print "headers:", req.headers
#handle = opener.open(req)
handle = urllib2.urlopen(req)
the_page = handle.read()
# THIS ALSO PROVES LOGIN-STATE WAS LOST
for line in the_page.split('\n'):
line = line.strip()
if re.search("To access", line):
print "MESSAGE:", line
print "URL:", handle.geturl()
print "INFO:", handle.info()
NEVERMIND. My friend pointed out that I am simply hitting the wrong
URL when trying to "test" whether I am logged in or not. The correct
one is: http://www.dpreview.com/forums/editprofile.asp
But I still have one question, if anyone knows -- why is it that when I
print out the headers on my request object, they are empty? I thought
that I should find the cookies there which are being sent back. This
is what I thought the problem was. Thanks if anyone can explain how
that works.
John
(PS i have stopped attacking the cookies now) jo**********@gmail.com wrote: Attacked is a piece of code which first hits the login page
successfully and receives back login cookies. But then when I attempt
to hit a page which is restricted to logged in users only, I fail.
That seems to be because I am not successfully re-attaching the cookies
to the header portion of the this request. I have tried 2 methods
which should both work I think. The first was to use install_opener to
attach the cookie handler back to urlopen. The second method was to
use the cookiehandler method add_cookie_header. But in both cases,
before sending out the 2nd request, it seems to have empty headers --
which indicates to me that the necessary cookies have not been
attacked.
I also tryed messing with the policy quite a bit, thinking that might
be causing the cookies not to be returned. First I used the default,
then set some flags on the default, then even overrode methods on the
default to make it as lenient as possible. This had no apparent
effect.
Thanks a lot!
Below I have pasted the most relevant code section, as well as my full
code file. Apologies for all the comments, but I wanted to show what I
had tried.
-----------------
RELEVANT CODE (snipped from full code)
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE
the_url =
"http://www.dpreview.com/forums/login.asp?jump=editprofile.asp"
req = urllib2.Request(the_url)
#print "headers:", req.headers
#cj.add_cookie_header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY - BUT THEY ARE EMPTY,
# NO COOKIES RETURNED?
print "headers:", req.headers
# THIS OPEN FAILS - I GET - "NEED TO LOGIN" PAGE
#handle = opener.open(req)
handle = urllib2.urlopen(req)
the_page = handle.read()
-----------------
FULL CODE
#!/usr/bin/python
import urllib
import urllib2
import re
import os
from cookielib import *
class MyCookiePolicy(DefaultCookiePolicy):
def __init__(self):
DefaultCookiePolicy.__init__(self, rfc2965=True,
hide_cookie2=False, strict_ns_domain=DefaultCookiePolicy.DomainLiberal )
def set_ok(self, cookie, request):
return True
def return_ok(self, cookie, request):
return True
def domain_return_ok(self, cookie, request):
return True
def path_return_ok(self, cookie, request):
return True
the_url = 'http://www.dpreview.com/forums/login_post.asp'
user_agent = 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)'
values = {
'email' : '****',
'password' : '****',
#"remember" : "checked", # <- create permanent cookie
'jump' : "/forums/"
}
# also "remember" : "remember"
# INITIAL REQUEST WITH USER INFO
headers = { 'User-Agent' : user_agent }
data = urllib.urlencode(values)
req = urllib2.Request(the_url, data, headers)
# COOKIE POLICY
# tried using several configurations of the default cookie policy
#policy = DefaultCookiePolicy(rfc2965=True, hide_cookie2=False,
strict_ns_domain=DefaultCookiePolicy.DomainLiberal )
# tried using my own custom cookie policy
#policy = MyCookiePolicy()
policy = DefaultCookiePolicy(rfc2965=True, hide_cookie2=False)
# CREATE COOKIE JAR WITH POLICY
cj = MozillaCookieJar()
cj.set_policy(policy)
# CREATE OPENER, AND OPEN PAGE
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(c j))
urllib2.install_opener(opener)
#handle = opener.open(req)
handle = urllib2.urlopen(req)
the_page = handle.read()
# SHOW COOKIES COLLECTED - LOOKS GOOD HERE
for c in cj:
print "COOKIE:", c
print "URL:", handle.geturl()
print "INFO:", handle.info()
#DEMONSTRATE WE'RE LOGGED IN
for line in the_page.split('\n'):
line = line.strip()
if re.search("Welcome to the", line):
print "MESSAGE:", line
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE
# - tried using the install_opener above
# - tried using add_cookie_header
# - either way, can't seem to get cookies in the header of this request
the_url =
"http://www.dpreview.com/forums/login.asp?jump=editprofile.asp"
req = urllib2.Request(the_url)
#print "headers:", req.headers
#cj.add_cookie_header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY
print "headers:", req.headers
#handle = opener.open(req)
handle = urllib2.urlopen(req)
the_page = handle.read()
# THIS ALSO PROVES LOGIN-STATE WAS LOST
for line in the_page.split('\n'):
line = line.strip()
if re.search("To access", line):
print "MESSAGE:", line
print "URL:", handle.geturl()
print "INFO:", handle.info() This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: yukon |
last post by:
Hi there
the next is my platform
IIS5
windows 2000
asp vbscript
My working area has the next virtual directoy:
testAc (corrective ambient)
testAe (evolutionary ambient)
|
by: Dan Meehan |
last post by:
I created a music website that allows people to sign up and post
messages on some message boards and update their profiles and such.
The login script uses cookies, so when they Log Into the site it...
|
by: Mark Anderson |
last post by:
Sorry if this is a rookie mistake... I've been through all the FAQs and the
books I have but I can't see the mistake so I guess it's something simple
<g> - I'm an occasional JS user.
I've got...
|
by: Bennett F. Dill |
last post by:
Thanks for reading. I'm having problems with cookies from asp to asp.net
and back!
It seems like I can set a cookie in asp.net fine, and alter it at will, as
soon as asp touches it, asp.net...
|
by: Ravi |
last post by:
Hi ,
i am trying to pass the same session Id to all the webrequest, but
sometimes the response.cookies returns zero and sometimes one. is this to do
something with cookies expire. In this sample...
|
by: Mike |
last post by:
1. For some reason after the session has ended and the authentication cookie has expired I'm not being redirected to the login page. Insted I'm be assigned a new authentication cookie? Anyone have...
|
by: ltt19 |
last post by:
Hi Folks,
I'm just beggining with asp.net, and I'm doing a webpage to learn it. In the
main page, there is a text by default written in Portuguese, that the user
can change it it English by...
|
by: john.lehmann |
last post by:
Attacked is a piece of code which first hits the login page
successfully and receives back login cookies. But then when I attempt
to hit a page which is restricted to logged in users only, I fail....
|
by: Gridlock |
last post by:
I'm trying to read the cookies using HttpContext.Current.Request.Cookies, but
the only cookie that I get is the ASP.NET SessionId cookie. There are many
cookies on the machine, why am I only...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |
