curl-users
Web Login
Date: Thu, 29 May 2008 23:48:17 +0200 (CEST)
Hey
Today I added a chapter in the "The Art Of Scripting HTTP Requests Using Curl"
docuent and I thought I'd post it here for your pleasure. It is also committed
to CVS just now.
Please help me rephrase or otherwise improve this text to be as helpful as
possible, as I believe web logins are a very frequent source of trouble and
questions to curl users.
------------ start
13. Web Login
While not strictly just HTTP related, it still cause a lot of people problems
so here's the executive run-down of how the vast majority of all login forms
work and how to login to them using curl.
It can also be noted that to do this properly in an automated fashion, you
will most certainly need to script things and do multiple curl invokes etc.
First, servers mostly use cookies to track the logged-in status of the
client, so you will need to capture the cookies you receive in the
responses. Then, many sites also set a special cookie on the login page (to
make sure you got there through their login page) so you should make a habit
of first getting the login-form page to capture the cookies set there.
Some web-based login systems features various amounts of javascript, and
sometimes they use such code to set or modify cookie contents. Possibly they
do that to prevent programmed logins, like this manual describes how to...
Anyway, if reading the code isn't enough to let you repeat the behavior
manually, capturing the HTTP requests done by your browers and analyzing the
sent cookies is usually a working method to work out how to shortcut the
javascript need.
In the actual <form> tag for the login, lots of sites fill-in random/session
or otherwise secretly generated hidden tags and you may need to first capture
the HTML code for the login form and extract all the hidden fields to be able
to do a proper login POST. Remember that the contents need to be URL encoded
when sent in a normal POST.
------------ stop
-- / daniel.haxx.seReceived on 2008-05-29