cURL / Mailing Lists / curl-users / Single Mail

curl-users

RE: Beaten by cahoot.com

From: Richard Cooper <Richard.Cooper_at_aprsmartlogik.com>
Date: Wed, 16 Oct 2002 17:03:04 +0100

Thanks for your response. I always get both cookies, "Apache" and
"sesessionid" with the first call.
$ rm cahoot.cookie
$ curl ...
$ more cahoot.cookie

I then have to delete "sesessionid" from cahoot.cookie before running the
second call.

I can't explain why you get different behaviour to me (i.e. only getting
"Apache" the first time") or how IE manages to do this all transparently in
one request.

My apologies for flooding the list. You've help me identify and fix my
original problem, now I'm just interested in why things work as they do.

Cheers,

Rich.

> -----Original Message-----
> From: Roth, Kevin P. [mailto:KPRoth_at_MarathonOil.com]
> Sent: 16 October 2002 16:36
> To: curl-users_at_lists.sourceforge.net
> Subject: RE: Beaten by cahoot.com
>
>
> It appears you need to do the following first:
>
> $ curl -vi -c cahoot.cookie
> https://ibank.cahoot.com/Aquarius/web/en/core_banking/log_in/f
> rameset_top_log_in.html
>
> This establishes the "Apache" cookie. Notice that I didn't
> use "-b cahoot.cookie"; thus the cookie parser gets
> initialized with no cookies, and at the end of the request it
> writes out all cookies from memory into the cookie file,
> overwriting any previous cookies (session or otherwise).
>
> THEN, you can request your login page:
>
> $ curl -vi -b cahoot.cookie -c cahoot.cookie
> https://ibank.cahoot.com/servlet/com.aquarius.security.authent
> ication.servlet.LoginEntryServlet --referer
> https://ibank.cahoot.com/Aquarius/web/en/core_banking/log_in/f
> rameset_top_log_in.html
>
> This sends the Apache cookie up to the server, and gets a
> "sesessionid" cookie back along with the login page. I added
> "--referer", but I don't know if this server actually
> requires it. Better safe than sorry.
>
> Then, you should be able to submit your login info, and continue on.
>
> Since the browser makes the requests in this order (visits
> the "frameset_top_log_in" page first), I figured it's worth a
> try in curl, and it appears to work fine.
>
>
> Welcome to the wonderful world of HTTP ;-) You really have to
> get down and dirty with the protocol details to get things
> right from a scripting point of view...
>
> --Kevin
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by: viaVerio will pay you up to
> $1,000 for every account that you consolidate with us.
> http://ad.doubleclick.net/clk;4749864;7604308;v?
> http://www.viaverio.com/consolidator/osdn.cfm
>

-------------------------------------------------------
This sf.net email is sponsored by: viaVerio will pay you up to
$1,000 for every account that you consolidate with us.
http://ad.doubleclick.net/clk;4749864;7604308;v?
http://www.viaverio.com/consolidator/osdn.cfm
Received on 2002-10-16

This message: [ Message body ]
Next message: Richard Cooper: "RE: Beaten by cahoot.com"
Previous message: Daniel Stenberg: "RE: Beaten by cahoot.com"
Maybe in reply to: Richard Cooper: "Beaten by cahoot.com"
Next in thread: Richard Cooper: "RE: Beaten by cahoot.com"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]