httpwebrequests, cookies and sessionID

  • Thread starter Thread starter Mike
  • Start date Start date
M

Mike

Hi,

I've been using httpwebrequest / xmlserverhttp to log into a website
via POST. I've received all the response headers back, some of which
contain the "set-cookie" headers.

When performing any other action on the website I need to submit the
JSESSION id and BSESSIONID as part of my POSTS.

I was just wondering where these session ids originate, from the server
or client side as I cannot see these in the response headers. If its
from the server how do I capture this? If it is client side, how does
one generate them? I assume if it is client side then they must be
being sent with my original log-in POST?

Thank you for any help,

Mike
 
The Session ID is in a cookie that is sent with the Response. It can be a
bit tricky to get them out. Here's some code from a class I wrote, which
should work for you:

if (Response.Cookies != null && Response.Cookies.Count > 0)
Cookies = Response.Cookies;
else if (Response.Headers["Set-Cookie"] != null)
{
string[] cookie = Text.Split(Response.Headers["Set-Cookie"], ";");
string[] av = Text.Split(cookie[0], "=");
Cookie c = new Cookie(av[0], av[1]);
c.Domain = Response.ResponseUri.Host;
Cookies.Add(c);
}

Cookies is a field that is of the type System.Net.CookieCollection.

--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
Who is Mighty Abbott?
A twin turret scalawag.
 
Sorry this is still causing me a problem. In vb.net pseudo:

1 xmlhttp1 = CreateObject("MSXML2.ServerXMLHTTP.3.0")
2 xmlhttp1.Open("POST", "url", ....)
3 xmlhttp1.setRequestHeader("Accept", ".........."
4 xmlhttp1.setRequestHeader("Referer",
"http://www......................")
5 xmlhttp1.setRequestHeader("Accept-Language", "en-gb")
6 xmlhttp1.setRequestHeader("Content-Type", "
application/x-www-form-urlencoded")
7 xmlhttp1.setRequestHeader("Accept-Encoding", " gzip, deflate")
8 xmlhttp1.setRequestHeader("User-Agent", "Mozilla/4.0
(compatible.............")
9 xmlhttp1.setRequestHeader("Host", " www................")
10 xmlhttp1.setRequestHeader("Content-Length", ".......")
11 xmlhttp1.setRequestHeader("Proxy-Connection", "Keep-Alive")
12 xmlhttp1.setRequestHeader("Cache-Control", "cache")

13 xmlhttp1.send("username=.........&password=........&LoginB=......")

14 responsestring = xmlhttp1.getallResponseHeaders.ToString

If I look at the response I have received the following:

Date: Fri, 27 Jan 2006 20:42:39 GMT
Server: ................
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: userhistory=...................;Path=/;Expires=Sat,
27-Jan-07 20:42:39 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
Transfer-Encoding: chunked
Set-Cookie: NSC_cfufy=0a0a0aba1f90;expires=Sat,28-Jan-06 08:42:39
GMT;path=/

In your code you split out the parts of the "set-cookie" headers,
separated by ";" but I can't see anything about sessions in the
responses.

have I missed the point or is this information hidden somehow?

Many thanks,

Mike
 
I've realised where I was going wrong; if I do a "GET" to the host URL
first I get all the sessionID info back in the headers.

Then I can do the subsequent log-in and further action using this same
Id.

Kind regards,

Mike
 
Ok this is driving me crazy.
If I log onto the website normally, watch the traffic, extract the
session id, use it in my program it works fine.

If I direct my winform app to make a POST to the main site I get no
session id back.
If I make a GET to the main part of the website I get a session id
returned. Now if I use this extracted session id to make the log-in
POST it does not work.
The last part of the url for my GET and POST is different, but I
assumed that if I maintain the MSXML2.ServerXMLHTTP.3.0 object between
the GET and POST there is no reason the sessionid would change??

Please can anyone offer a suggestion?

Thanks
 
used httpwebrequest rather than ServerXMLHTTP in the end - much easier.
Session Ids were sent back with the first POST made.
 
Back
Top