cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: authentication and cookie

From: Yoav Schreiber <yoavs_at_mercury.co.il>
Date: Thu, 18 Mar 2004 03:13:00 +1100

It worked, thanks!

 

  _____

From: curl-library-bounces_at_cool.haxx.se
[mailto:curl-library-bounces_at_cool.haxx.se] On Behalf Of Ralph Mitchell
Sent: Wednesday, March 17, 2004 4:12 PM
To: libcurl development
Subject: Re: authentication and cookie

 

Well, I'm mostly using the command-line tool, so it looks something like
this:

    curl -b cookies -c cookies http://some.domain.com
<http://some.domain.com>
    curl -b cookies -c cookies -u userid:passwd http://some.domain.com
<http://some.domain.com>

I guess with curl_easy the equivalent would be (approximately):

    .... [curl_easy_init, etc]....
    curl_easy_setopt (handle, CURLOPT_COOKIEFILE, "cookies");
    curl_easy_setopt (handle, CURLOPT_COOKIEJAR, "cookies");
    curl_easy_setopt (handle, CURLOPT_URL, <http://some.domain.com>
"http://some.domain.com");
    curl_easy_perform (handle);
    curl_easy_setopt (handle, CURLOPT_USERPWD, "userid:password");
    curl_easy_perform (handle);

though I haven't actually tried it...

Ralph

Yoav Schreiber wrote:

Are the original cookies kept in the second request (the request that
include the user and password)?

Are you calling curl_easy_perform() twice?

Do I have to call other curl api for making it happen?

 

Thanks

Yoav

 

  _____

From: curl-library-bounces_at_cool.haxx.se
<mailto:curl-library-bounces_at_cool.haxx.se>
[mailto:curl-library-bounces_at_cool.haxx.se
<mailto:curl-library-bounces_at_cool.haxx.se> ] On Behalf Of Ralph Mitchell
Sent: Wednesday, March 17, 2004 1:02 PM
To: libcurl development
Subject: Re: authentication and cookie

 

I've had this kind of thing happen to me. What I had to do was to "prime
the pump", as it were, by doing an initial fetch of the page *without*
trying to hand over the userid/password. I would then get back the demand
for authentication and re-do the page fetch *with* the userid/password.

In both page fetches, save and send cookies as necessary...

Ralph Mitchell

Yoav Schreiber wrote:

1. The user and password are correct but the cookie is missing (the server
sends the set-cookie in the header only with the 401 response).
BTW, is this a common behavior?
 
2. Yes, the Server wants the authentication header and the cookie.
 
3. We tried using the cookie jar option. The problem is that after this the
same cookie is sent in all requests of the session (after the 401 we get 302
redirection). This is problematic, because the server gives dynamic cookies
which differ in each response of the session. It seems libcurl keeps sending
the cookie from the cookie jar in all the following requests.
 
Thanks
Yoav
 
-----Original Message-----
From: curl-library-bounces_at_cool.haxx.se
<mailto:curl-library-bounces_at_cool.haxx.se>
[mailto:curl-library-bounces_at_cool.haxx.se
<mailto:curl-library-bounces_at_cool.haxx.se> ] On Behalf Of Daniel Stenberg
Sent: Wednesday, March 17, 2004 12:08 PM
To: libcurl development
Subject: Re: authentication and cookie
 
On Wed, 17 Mar 2004, Yoav Schreiber wrote:
 
  

I'm trying to connect a web server that requires basic authentication. I'm
connecting it with the user and the password (curl_easy_setopt() with
CURLOPT_USERPWD).
 
The response I am getting from the server is error 401 with a set cookie
    

in
  

the response header (although the user and password were set correctly).
    

 
If the user name and password are correct, then why is the server not
letting
you in?
 
  

The Server expects me to resend the request with the cookie set (from
looking at IE / Mozilla communication, this behavior does work and the
Server response is valid - 200).
    

 
So it wants the autentication header _and_ the cookie?
 
  

Is there any way I can overcome this with libcurl?
    

 
Provide the cookie in the request? There are multiple cookie options.
 
  

________________________________________________________________________
This email has been scanned for all viruses.

Mercury Interactive Corporation
Optimizing Business Processes to Maximize Business Results

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
<http://www.messagelabs.com/email>
______________________________________________________________________

________________________________________________________________________
This email has been scanned for all viruses.

Mercury Interactive Corporation
Optimizing Business Processes to Maximize Business Results

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
Received on 2004-03-17