Changelog Development Documentation Download libcurl Mailing Lists News
cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Sms.aspx redirects to login.aspx on form post(actionusesjavascript); help wanted

From: Ceriel Jacobs <c_at_vakantieland.nl>
Date: Tue, 14 Aug 2007 12:07:06 +0200

Op 14-aug-2007, om 10:16 heeft Aleksandar Lazic het volgende geschreven:
> On Mon 13.08.2007 22:33, Ceriel Jacobs wrote:
>> Livehttpheaders:
>> https://myaccount.1601telecom.nl/Profile/SMS.aspx
>> ^^^^^^
CJ: Why did you mark this section?

>> 0dca: function __doPostBack(eventTarget, eventArgument) {
> ^^^^^^^^^^^^
>
> http://aspalliance.com/895#Page2
> or
> http://www.google.com/search?q=__doPostBack

There is a lot of javascript, when submitting the form and doing a
single step debug, it does:
(1) check the filled out field values with regexp
(2) fill one hidden form field
(3) submit the form

ad. (2)
This is the plain form when filled out is: 

---
0	__LASTFOCUS										hidden					
1	ctl00_TreeView1_ExpandState						hidden	eennnnnnn				
2	ctl00_TreeView1_SelectedNode						hidden					
3	__EVENTTARGET									hidden					
4	__EVENTARGUMENT								hidden					
5	ctl00_TreeView1_PopulateLog						hidden					
6	__VIEWSTATE										hidden	%%VIEWSTATE%%				
7	ctl00$ContentPlaceHolder1$TBPhoneNr				textarea	%%PHONENUMBER%%			
8	ctl00$ContentPlaceHolder1$DDLSMSCallerId			select	1601				
9	ctl00$ContentPlaceHolder1$message					textarea	%%MESSAGE%%
---
As soon as the javascript submits the form, this is being submitted:
0.	__LASTFOCUS				
1.	ctl00_TreeView1_ExpandState						hidden	eennnnnnn	
2.	ctl00_TreeView1_SelectedNode						hidden
3.	__EVENTTARGET									hidden	ctl00%24ContentPlaceHolder1%24SendSMS	
4.	__EVENTARGUMENT								hidden
5.	ctl00_TreeView1_PopulateLog						hidden
6.	__VIEWSTATE										hidden	%%VIEWSTATE%%	
7.	ctl00%24ContentPlaceHolder1%24TBPhoneNr			textarea	%%PHONENUMBER%%
8.	ctl00%24ContentPlaceHolder1%24DDLSMSCallerId	select	1601	
9.	ctl00%24ContentPlaceHolder1%24message			textarea	%%MESSAGE%%
What the javascript fills, is the hidden field __EVENTTARGET (that  
was already caught by livehttpheaders).
ad (3)
There is also an onsubmit handler: WebForm_OnSubmit();
function WebForm_OnSubmit() {
	if (typeof(ValidatorOnSubmit) == "function" && ValidatorOnSubmit()  
== false) return false;
	return true;
}
Which I do guess, double checks that the form fields are being  
validated before being submitted.
> What I have also seen is:
> == Info: Replaced cookie .ASPXAUTH="" for domain myaccount.
> could this be the problem?!
Yes, this is the problem.
Just after posting the form data the webserver becomes convinced that  
the user should reauthenticate.
But I don't know what triggers the reauthentication, because  
VIEWSTATE is included in the post and .ASPXAUTH is supplied in the  
cookie value.
Received on 2007-08-14