curl-users
Re: Sms.aspx redirects to login.aspx on form post(actionusesjavascript); help wanted
From: Ceriel Jacobs <c_at_vakantieland.nl>
Date: Tue, 14 Aug 2007 12:07:06 +0200
Date: Tue, 14 Aug 2007 12:07:06 +0200
Op 14-aug-2007, om 10:16 heeft Aleksandar Lazic het volgende geschreven:
> On Mon 13.08.2007 22:33, Ceriel Jacobs wrote:
>> Livehttpheaders:
>> https://myaccount.1601telecom.nl/Profile/SMS.aspx
>> ^^^^^^
CJ: Why did you mark this section?
>> 0dca: function __doPostBack(eventTarget, eventArgument) {
> ^^^^^^^^^^^^
>
> http://aspalliance.com/895#Page2
> or
> http://www.google.com/search?q=__doPostBack
There is a lot of javascript, when submitting the form and doing a
single step debug, it does:
(1) check the filled out field values with regexp
(2) fill one hidden form field
(3) submit the form
ad. (2)
This is the plain form when filled out is:
--- 0 __LASTFOCUS hidden 1 ctl00_TreeView1_ExpandState hidden eennnnnnn 2 ctl00_TreeView1_SelectedNode hidden 3 __EVENTTARGET hidden 4 __EVENTARGUMENT hidden 5 ctl00_TreeView1_PopulateLog hidden 6 __VIEWSTATE hidden %%VIEWSTATE%% 7 ctl00$ContentPlaceHolder1$TBPhoneNr textarea %%PHONENUMBER%% 8 ctl00$ContentPlaceHolder1$DDLSMSCallerId select 1601 9 ctl00$ContentPlaceHolder1$message textarea %%MESSAGE%% --- As soon as the javascript submits the form, this is being submitted: 0. __LASTFOCUS 1. ctl00_TreeView1_ExpandState hidden eennnnnnn 2. ctl00_TreeView1_SelectedNode hidden 3. __EVENTTARGET hidden ctl00%24ContentPlaceHolder1%24SendSMS 4. __EVENTARGUMENT hidden 5. ctl00_TreeView1_PopulateLog hidden 6. __VIEWSTATE hidden %%VIEWSTATE%% 7. ctl00%24ContentPlaceHolder1%24TBPhoneNr textarea %%PHONENUMBER%% 8. ctl00%24ContentPlaceHolder1%24DDLSMSCallerId select 1601 9. ctl00%24ContentPlaceHolder1%24message textarea %%MESSAGE%% What the javascript fills, is the hidden field __EVENTTARGET (that was already caught by livehttpheaders). ad (3) There is also an onsubmit handler: WebForm_OnSubmit(); function WebForm_OnSubmit() { if (typeof(ValidatorOnSubmit) == "function" && ValidatorOnSubmit() == false) return false; return true; } Which I do guess, double checks that the form fields are being validated before being submitted. > What I have also seen is: > == Info: Replaced cookie .ASPXAUTH="" for domain myaccount. > could this be the problem?! Yes, this is the problem. Just after posting the form data the webserver becomes convinced that the user should reauthenticate. But I don't know what triggers the reauthentication, because VIEWSTATE is included in the post and .ASPXAUTH is supplied in the cookie value.Received on 2007-08-14