I have been trying to use cURL (both within PHP and on the command line) to
script my way through our Aventail-driven Extraweb authentication system.
Extraweb is a bolt-on for Apache that appears to use Apache's own method of
maintaining a validated connection. Instead of using the basic Apache
login/pass prompt, however, Extraweb pops up a web page to capture you
credentials and then forwards you to the proper page. It does this by HTTP
posting your requested location on the web server, your username and
password and your session number back to itself. If it passes, it uses a
redirect in the header to forward you to the requested page. My problem is
that I although I can post in the proper values and Extraweb does indeed
authenticate me (I can tell that I'm authenticated because the next time I
access the page with that same session it tells me that I'm already
authenticated) the redirect to the page with the contact that I'm after
fails.

I'm guessing that this happens because cURL is either posting the the login
information to the new URL again, or because Apache is telling Aventail
Extraweb that I'm not an authenticated user. Perhaps this problem could be
avoided with the use of a persistent connection. I strongly suspect that
it's one of the two that's biting me here. Sadly, I'm not permitted to
publicly post the URLs in question to the list, but if anyone wants to
investigate the problem via e-mail I will be be able to provide more
specific test cases.

Help! This is driving me crazy. :)

_______________________________________________
Curl-and-php mailing list
Curl-and-php_at_lists.sourceforge.net
http://lists.sourceforge.net/lists/listinfo/curl-and-php
Received on 2001-03-08