cURL / Mailing Lists / curl-users / Single Mail


Web Login

From: Daniel Stenberg <>
Date: Thu, 29 May 2008 23:48:17 +0200 (CEST)


Today I added a chapter in the "The Art Of Scripting HTTP Requests Using Curl"
docuent and I thought I'd post it here for your pleasure. It is also committed
to CVS just now.

Please help me rephrase or otherwise improve this text to be as helpful as
possible, as I believe web logins are a very frequent source of trouble and
questions to curl users.

------------ start
13. Web Login

  While not strictly just HTTP related, it still cause a lot of people problems
  so here's the executive run-down of how the vast majority of all login forms
  work and how to login to them using curl.

  It can also be noted that to do this properly in an automated fashion, you
  will most certainly need to script things and do multiple curl invokes etc.

  First, servers mostly use cookies to track the logged-in status of the
  client, so you will need to capture the cookies you receive in the
  responses. Then, many sites also set a special cookie on the login page (to
  make sure you got there through their login page) so you should make a habit
  of first getting the login-form page to capture the cookies set there.

  Some web-based login systems features various amounts of javascript, and
  sometimes they use such code to set or modify cookie contents. Possibly they
  do that to prevent programmed logins, like this manual describes how to...
  Anyway, if reading the code isn't enough to let you repeat the behavior
  manually, capturing the HTTP requests done by your browers and analyzing the
  sent cookies is usually a working method to work out how to shortcut the
  javascript need.

  In the actual <form> tag for the login, lots of sites fill-in random/session
  or otherwise secretly generated hidden tags and you may need to first capture
  the HTML code for the login form and extract all the hidden fields to be able
  to do a proper login POST. Remember that the contents need to be URL encoded
  when sent in a normal POST.

------------ stop

Received on 2008-05-29