cURL / Mailing Lists / curl-and-php / Single Mail

curl-and-php

RE: PHP/Curl: Any Way to Follow a REFRESH Meta Tag?

From: Keller, Bryan <Bryan.Keller_at_pfizer.com>
Date: Sat, 12 May 2001 18:29:31 -0400

> I would guess that this maintaining is simply a matter you sending back
> the correct set of cookies, as that is how lots and lots of web based
> apps keep authentication status between multiple requests.

Maybe I'm missing something about authentication here, but here's how I see
the problem:

1. Client sends http request with username/password to server
2. Server matches u/p, sends back cookies (one of which containes the
username and the base64 encoded password), and a location header pointing to
the login function of the application
3. Login function does logic to figure out permissions, etc. and sends a
meta refresh tag
4. At this point, you extract the refresh URL, and put it in a string.
Problem is you have to start a new curl instance (discontinuing your
authenticated status) and pass the username/password again, causing the
server to redirect you back to the login function, and send you the refresh
again...

I guess if somehow curl could follow the refresh tag, like it does the
location headers, it might work, or am I way off?

Thanks,

\Bryan

-----Original Message-----
From: Daniel Stenberg
To: Keller, Bryan
Cc: curl and php list
Sent: 5/11/01 6:32 PM
Subject: RE: PHP/Curl: Any Way to Follow a REFRESH Meta Tag?

On Fri, 11 May 2001, Keller, Bryan wrote:

(Please don't take the thread off the list, I'm sure other people will
want
to know...)

> I'm hitting a server that requires authentication. After
authenticating,
> the server sets 3 cookies, and sends you to a login function of the
> application (via Location: header). The login function takes one of
the
> cookies, does some logic to figure out what's available to you, and
sends
> you a page using the META REFRESH tag.
>
> My problem is that if I parse the refresh, and call another instance
of
> curl, the server attempts to authenticate me again and sends me to the
> login function again, rather than giving me the page.
>
> I guess the question is: is there a way in curl to maintain my
> authenticated status (like a browser would do), when I request the
page
> specified in the refresh tag?

Well, it depends on what "authenticated status" means. I guess that if a
browser can "maintain it", then so can we.

I would guess that this maintaining is simply a matter you sending back
the
correct set of cookies, as that is how lots and lots of web based apps
keep
authentication status between multiple requests.

And then, you need to pass the set of cookies to curl (the ones you
received
after the login) when you request the 'refresh'-page.

-- 
      Daniel Stenberg - http://daniel.haxx.se - +46-705-44 31 77
   ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
_______________________________________________
Curl-and-php mailing list
Curl-and-php_at_lists.sourceforge.net
http://lists.sourceforge.net/lists/listinfo/curl-and-php
Received on 2001-05-13