curl-users

Cookie jar handling in redirects

From: Charles Romestant <cromestant_at_gmail.com>
Date: Tue, 31 Mar 2015 15:10:50 -0400

Hello,
I've been messing around with this for a few days, trying to test a custom
OAuth flow with no user interaction if some authentication headers are
present.
This flow basically moves from page to page setting cookies and finally
returning to a specific callback URL.
Now, this flow works in the browser (tested it) and in Postman also, but
I would love to leave an automated test with curl CLI running somewhere.
In my tests, I see the redirections being followed properly, but the
cookies are behaving a bit wonky.
Let me explain:

This is my command:
curl -v -H "X-MSISDN-HASHED: ux2gcxCxLBcmBo4END_OF_HASH" \
  -H "X-MSISDN: 5959ENDOFFvALUE" \
  "https://pre-prod.id.myserver.com/oauth/v2/authorize?redirect_uri=http%3A%2F%2Fopenidtest.mycloud.net%3A3000%2Fcallback&client_id=oc3AOm2KTU92rG6Yzs7jAD74DUdTuuHO&scope=openid%20mobileid&login_hint=&prompt=none&response_type=code" \
  -c cookies.txt -L >/dev/null

As you can see, I have a specific header and its hash (secret hashed); these,
in normal circumstances, are added by a specific network element on non-SSL
traffic on my net. So the flow goes from [HTTPS]URL_/authorize
-> [HTTP]URL_/openid --> [HTTPS]URL/other --> CALLBACK

moving from HTTPS to HTTP just to allow the network element to add the
headers at one point of the flow.

So the problem here is that I see the cookie being set and then unset by
curl (full output [redacted for privacy of my comp] below).

I can see the cookie being set:
* Added cookie myserver_SESSION="" for domain pre-prod.id.myserver.com,
path /, expire 1427845458

< Set-cookie: myserver_SESSION = 22db4aad-8084-4094-c592-d8e5bad8756b;
Max-Age=18000; Version=1; path=/

but then I see on the second request (following the 302 redirect)
> Cookie: myserver_SESSION=
then on the third request my server sets another cookie, but this one
is also ignored by curl (as evidenced by the content of the cookie file
pasted at the end).

In advance, thank you for your help.

Charles-Romestant-MacBook-Air:~ cromestant$ time curl -v \
  -H "X-MSISDN-HASHED: ux2gcxCxLBcmBo4END_OF_HASH" \
  -H "X-MSISDN: 5959ENDOFFvALUE" \
  "https://pre-prod.id.myserver.com/oauth/v2/authorize?redirect_uri=http%3A%2F%2Fopenidtest.myservercloud.net%3A3000%2Fcallback&client_id=oc3AOm2KTU92rG6Yzs7jAD74DUdTuuHO&scope=openid%20mobileid&login_hint=&prompt=none&response_type=code" \
  -c cookies.txt -L >/dev/null

* Hostname was NOT found in DNS cache

  % Total % Received % Xferd Average Speed Time Time Time
 Current

                                 Dload Upload Total Spent Left
 Speed

  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:--
  0* Trying 54.236.147.89...

* Connected to pre-prod.id.myserver.com (54.236.147.89) port 443 (#0)

  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:--
  0* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

* Server certificate: id.myserver.com

* Server certificate: Thawte SSL CA

* Server certificate: thawte Primary Root CA

> GET /oauth/v2/authorize?redirect_uri=http%3A%2F%
2Fopenidtest.myservercloud.net%3A3000%2Fcallback&client_id=oc3AOm2KTU92rG6Yzs7jAD74DUdTuuHO&scope=openid%20mobileid&login_hint=&prompt=none&response_type=code
HTTP/1.1

> User-Agent: curl/7.37.1

> Host: pre-prod.id.myserver.com

> Accept: */*

> X-MSISDN-HASHED: ux2gcxCxLBcmBo4END_OF_HASH

> X-MSISDN: 5959ENDOFFvALUE

>

< HTTP/1.1 302 Found

< Access-Control-Allow-Credentials: true

< Access-Control-Allow-Headers:
Authorization,Content-Type,Accept,Origin,X-Requested-With,X-CSDKVersion

< Access-Control-Allow-Methods: OPTIONS,GET,POST

< Access-Control-Allow-Origin:

< Access-Control-Max-Age: 86400

< Cache-Control: no-store

< Location: http://pre-prod.id.myserver.com/openid?auth_flow=

< Pragma: no-cache

* Added cookie myserver_SESSION="" for domain pre-prod.id.myserver.com,
path /, expire 1427845458

< Set-cookie: myserver_SESSION = 22db4aad-8084-4094-c592-d8e5bad8756b;
Max-Age=18000; Version=1; path=/

< Content-Length: 0

< Connection: keep-alive

<

  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:--
  0

* Connection #0 to host pre-prod.id.myserver.com left intact

* Issue another request to this URL: '
http://pre-prod.id.myserver.com/openid?auth_flow='

* Found bundle for host pre-prod.id.myserver.com: 0x7f8a59601850

* Hostname was NOT found in DNS cache

* Trying 54.208.60.119...

* Connected to pre-prod.id.myserver.com (54.208.60.119) port 80 (#1)

> GET /openid?auth_flow= HTTP/1.1

> User-Agent: curl/7.37.1

> Host: pre-prod.id.myserver.com

> Accept: */*

> Cookie: myserver_SESSION=

> X-MSISDN-HASHED: ux2gcxCxLBcmBo4END_OF_HASH

> X-MSISDN: 5959ENDOFFvALUE

>

< HTTP/1.1 302 Found

< Access-Control-Allow-Origin:

< Content-Type: application/json

< Location: https://pre-prod.id.myserver.com/openid?auth_flow=

< Content-Length: 125

< Connection: keep-alive

<

* Ignoring the response-body

{ [data not shown]

100 125 100 125 0 0 147 0 --:--:-- --:--:-- --:--:--
147

* Connection #1 to host pre-prod.id.myserver.com left intact

* Issue another request to this URL: '
https://pre-prod.id.myserver.com/openid?auth_flow='

* Found bundle for host pre-prod.id.myserver.com: 0x7f8a59601850

* Re-using existing connection! (#0) with host pre-prod.id.myserver.com

* Connected to pre-prod.id.myserver.com (54.236.147.89) port 443 (#0)

> GET /openid?auth_flow= HTTP/1.1

> User-Agent: curl/7.37.1

> Host: pre-prod.id.myserver.com

> Accept: */*

> Cookie: myserver_SESSION=

> X-MSISDN-HASHED: ux2gcxCxLBcmBo4END_OF_HASH

> X-MSISDN: 5959ENDOFFvALUE

>

< HTTP/1.1 200 OK

< Access-Control-Allow-Origin: *

< Cache-Control: no-cache, must-revalidate

< Content-Type: text/html

< Date: Tue, 31 03 2015 18:44:18 GMT

< Pragma: no-cache

* Replaced cookie myserver_SESSION="" for domain pre-prod.id.myserver.com,
path /, expire 1427845458

< Set-cookie: myserver_SESSION =d16dbaba-79f9-4b03-b801-b5f004ee716d;
PROFILE-id=deleted; Max-Age=18000; Version=1; path=/

< X-Powered-By: Express

< Content-Length: 13529

< Connection: keep-alive

<

{ [data not shown]

100 13529 100 13529 0 0 13926 0 --:--:-- --:--:-- --:--:--
13926

* Connection #0 to host pre-prod.id.myserver.com left intact

real 0m0.987s

user 0m0.034s

sys 0m0.017s

Charles-Romestant-MacBook-Air:~ cromestant$ cat cookies.txt

# Netscape HTTP Cookie File

# http://curl.haxx.se/docs/http-cookies.html

# This file was generated by libcurl! Edit at your own risk.

pre-prod.id.myserver.com FALSE / FALSE 1427845458 myserver_SESSION

-- 
MSc. Charles M. Romestant F.
Merci de penser à l'environnement avant d'imprimer cet e-mail
Please think about the environment before you print this e-mail
Por favor piense en el medio ambiente antes de imprimir este e-mail

Received on 2015-03-31
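
Added example, not part of the original message: a shell check that an automated test could run on the `-c` cookie jar after the curl run, to catch the symptom shown above (a cookie stored with an empty value). The function names and the sample jar are constructed for illustration; the seven tab-separated fields and the `#HttpOnly_` prefix are the Netscape cookie file layout that curl writes.

```shell
#!/bin/sh
# audit_cookie_jar FILE
# Reads a Netscape-format cookie jar (as written by `curl -c`) and reports:
#   EMPTY       cookie stored without a value (the symptom in this thread)
#   NOT-SECURE  cookie whose secure field is not TRUE, so it is also sent
#               on plain-HTTP hops of a redirect chain
#   MALFORMED   line that does not have the expected tab-separated fields
# Returns 1 if any EMPTY or MALFORMED entry is found, 0 otherwise.
audit_cookie_jar() {
  awk -F '\t' '
    # HttpOnly cookies are stored behind this prefix; strip it and parse on.
    /^#HttpOnly_/ { sub(/^#HttpOnly_/, "") }
    # Remaining "#" lines are comments; skip them and blank lines.
    /^#/ || /^[ \t]*$/ { next }
    # Fields: domain, subdomain flag, path, secure, expiry, name, value.
    NF < 6 { printf "MALFORMED line %d\n", NR; bad = 1; next }
    {
      name  = $6
      value = (NF >= 7) ? $7 : ""   # an empty value may leave the field off
      if (value == "") {
        printf "EMPTY %s domain=%s path=%s\n", name, $1, $3
        bad = 1
      }
      if ($4 != "TRUE")
        printf "NOT-SECURE %s domain=%s\n", name, $1
    }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed sample jar (not the poster's actual file): one empty-valued
# cookie shaped like the entry in the post, plus one well-formed HttpOnly,
# secure cookie for contrast.
write_sample_jar() {
  {
    printf '# Netscape HTTP Cookie File\n'
    printf 'pre-prod.id.myserver.com\tFALSE\t/\tFALSE\t1427845458\tmyserver_SESSION\t\n'
    printf '#HttpOnly_example.test\tFALSE\t/\tTRUE\t1427845458\tother\tabc123\n'
  } > "$1"
}
```

In a test script, call `audit_cookie_jar cookies.txt` right after the curl command and fail the run on a non-zero status.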