cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: authentication and cookie

From: Ralph Mitchell <rmitchell_at_eds.com>
Date: Wed, 17 Mar 2004 05:02:05 -0600

I've had this kind of thing happen to me. What I had to do was to
"prime the pump", as it were, by doing an initial fetch of the page
*without* trying to hand over the userid/password. I would then get
back the demand for authentication and re-do the page fetch *with* the
userid/password.

In both page fetches, save and send cookies as necessary...

Ralph Mitchell

Yoav Schreiber wrote:

>1. The user and password are correct but the cookie is missing (the server
>sends the set-cookie in the header only with the 401 response).
>BTW, is this a common behavior?
>
>2. Yes, the Server wants the authentication header and the cookie.
>
>3. We tried using the cookie jar option. The problem is that after this the
>same cookie is sent in all requests of the session (after the 401 we get 302
>redirection). This is problematic, because the server gives dynamic cookies
>which differ in each response of the session. It seems libcurl keeps sending
>the cookie from the cookie jar in all the following requests.
>
>Thanks
>Yoav
>
>-----Original Message-----
>From: curl-library-bounces_at_cool.haxx.se
>[mailto:curl-library-bounces_at_cool.haxx.se] On Behalf Of Daniel Stenberg
>Sent: Wednesday, March 17, 2004 12:08 PM
>To: libcurl development
>Subject: Re: authentication and cookie
>
>On Wed, 17 Mar 2004, Yoav Schreiber wrote:
>
>
>
>>I'm trying to connect a web server that requires basic authentication. I'm
>>connecting it with the user and the password (curl_easy_setopt() with
>>CURLOPT_USERPWD).
>>
>>The response I am getting from the server is error 401 with a set cookie
>>
>>
>in
>
>
>>the response header (although the user and password were set correctly).
>>
>>
>
>If the user name and password are correct, then why is the server not
>letting
>you in?
>
>
>
>>The Server expects me to resend the request with the cookie set (from
>>looking at IE / Mozilla communication, this behavior does work and the
>>Server response is valid - 200).
>>
>>
>
>So it wants the autentication header _and_ the cookie?
>
>
>
>>Is there any way I can overcome this with libcurl?
>>
>>
>
>Provide the cookie in the request? There are multiple cookie options.
>
>
>
Received on 2004-03-17