cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: authentication and cookie

From: Ralph Mitchell <rmitchell_at_eds.com>
Date: Wed, 17 Mar 2004 08:12:10 -0600

Well, I'm mostly using the command-line tool, so it looks something like
this:

    curl -b cookies -c cookies http://some.domain.com
    curl -b cookies -c cookies -u userid:passwd http://some.domain.com

I guess with curl_easy the equivalent would be (approximately):

    .... [curl_easy_init, etc]....
    curl_easy_setopt (handle, CURLOPT_COOKIEFILE, "cookies");
    curl_easy_setopt (handle, CURLOPT_COOKIEJAR, "cookies");
    curl_easy_setopt (handle, CURLOPT_URL, "http://some.domain.com");
    curl_easy_perform (handle);
    curl_easy_setopt (handle, CURLOPT_USERPWD, "userid:password");
    curl_easy_perform (handle);

though I haven't actually tried it...

Ralph

Yoav Schreiber wrote:

> Are the original cookies kept in the second request (the request that
> include the user and password)?
>
> Are you calling curl_easy_perform() twice?
>
> Do I have to call other curl api for making it happen?
>
>
>
> Thanks
>
> Yoav
>
>
>
> ------------------------------------------------------------------------
>
> From: curl-library-bounces_at_cool.haxx.se
> [mailto:curl-library-bounces_at_cool.haxx.se] On Behalf Of Ralph Mitchell
> Sent: Wednesday, March 17, 2004 1:02 PM
> To: libcurl development
> Subject: Re: authentication and cookie
>
>
>
> I've had this kind of thing happen to me. What I had to do was to
> "prime the pump", as it were, by doing an initial fetch of the page
> *without* trying to hand over the userid/password. I would then get
> back the demand for authentication and re-do the page fetch *with* the
> userid/password.
>
> In both page fetches, save and send cookies as necessary...
>
> Ralph Mitchell
>
>
> Yoav Schreiber wrote:
>
>1. The user and password are correct but the cookie is missing (the server
>
>sends the set-cookie in the header only with the 401 response).
>
>BTW, is this a common behavior?
>
>
>
>2. Yes, the Server wants the authentication header and the cookie.
>
>
>
>3. We tried using the cookie jar option. The problem is that after this the
>
>same cookie is sent in all requests of the session (after the 401 we get 302
>
>redirection). This is problematic, because the server gives dynamic cookies
>
>which differ in each response of the session. It seems libcurl keeps sending
>
>the cookie from the cookie jar in all the following requests.
>
>
>
>Thanks
>
>Yoav
>
>
>
>-----Original Message-----
>
>From: curl-library-bounces_at_cool.haxx.se <mailto:curl-library-bounces_at_cool.haxx.se>
>
>[mailto:curl-library-bounces_at_cool.haxx.se] On Behalf Of Daniel Stenberg
>
>Sent: Wednesday, March 17, 2004 12:08 PM
>
>To: libcurl development
>
>Subject: Re: authentication and cookie
>
>
>
>On Wed, 17 Mar 2004, Yoav Schreiber wrote:
>
>
>
>
>
>>I'm trying to connect a web server that requires basic authentication. I'm
>>
>>connecting it with the user and the password (curl_easy_setopt() with
>>
>>CURLOPT_USERPWD).
>>
>>
>>
>>The response I am getting from the server is error 401 with a set cookie
>>
>>
>>
>in
>
>
>
>>the response header (although the user and password were set correctly).
>>
>>
>>
>
>
>If the user name and password are correct, then why is the server not
>
>letting
>
>you in?
>
>
>
>
>
>>The Server expects me to resend the request with the cookie set (from
>>
>>looking at IE / Mozilla communication, this behavior does work and the
>>
>>Server response is valid - 200).
>>
>>
>>
>
>
>So it wants the autentication header _and_ the cookie?
>
>
>
>
>
>>Is there any way I can overcome this with libcurl?
>>
>>
>>
>
>
>Provide the cookie in the request? There are multiple cookie options.
>
>
>
>
>
>
> ________________________________________________________________________
> This email has been scanned for all viruses.
>
> Mercury Interactive Corporation
> Optimizing Business Processes to Maximize Business Results
>
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
Received on 2004-03-17