Debugging an HTTP Form Login
This is a summary of the steps I’m taking to debug the following problem:
I am trying to login using Chilkat HTTP to this site: Startseite and after the login, there is a 302 redirect. After the redirect, the session is lost. I believe it could be another cookie-related issue.
1. Make sure I’m using the very latest version of the Chilkat HTTP component/library.
2. Set the SessionLogFilename property equal to the name of a log file the component will create. The exact HTTP requests and responses will be logged here. I’ll check them for cookies received and sent.
3. Call http.QuickGetStr("http://www.mister-wong.com/"). Examine the session log and look for the Set-Cookie header in the response header. I see this:
Set-Cookie: wongsess=d6f97305c1cacd528948f6ba6d41816c; expires=Sun, 10 Dec 2034 19:56:30 GMT; path=/
Look at the LastErrorText, which contains information even when the method succeeded. Make sure it's saving the cookie. It does because I see this:
    Saving cookies...
    Cookie:
      Domain: .mister-wong.com
      Path: /
      Expire: Sun, 10 Dec 2034 19:56:30 GMT
      CookieName: wongsess
      CookieValue: d6f97305c1cacd528948f6ba6d41816c
    SaveCookie:
      CookieDir: memory
      Domain: www.mister-wong.com
      HashKey: mister-wong_com.xml
4. OK, so far so good. Taking the next step — fetch the URL containing the login form: http://www.mister-wong.com/users/login/ The HTTP component *should* send the cookie previously received (if the cookie jar is “memory”, it must be the same instance of the HTTP object). The test code will now look like this:
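    Chilkat.Http http = new Chilkat.Http();
    bool success = http.UnlockComponent("test");
    if (!success)
    {
        // Nothing below works without a successful unlock, so stop here.
        textBox1.Text = http.LastErrorText;
        return;
    }

    // Keep cookies in memory and replay them on later requests.
    // A "memory" cookie jar is only shared by the same Http instance.
    http.CookieDir = "memory";
    http.SaveCookies = true;
    http.SendCookies = true;

    // Log the exact HTTP requests and responses.
    http.SessionLogFilename = "httpSessionLog.txt";

    // 1st GET: the server sets the session cookie.
    string html1 = http.QuickGetStr("http://www.mister-wong.com");
    textBox1.Text = http.LastErrorText;

    // 2nd GET: the page with the login form; the cookie should be re-sent.
    string html2 = http.QuickGetStr("http://www.mister-wong.com/users/login/");
    textBox1.Text += http.LastErrorText;
    textBox2.Text = html2;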
Looking at the LastErrorText for the 2nd QuickGetStr, I see this:
AddingCookie: wongsess=a693f8b733aa146a235cd5edfa755da1
The cookie is re-sent as it should be.
Looking at the session log file, I see this for the 2nd GET request:
    ---- Sending ----
    GET /users/login/ HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Accept-Language: en-us,en;q=0.5
    User-Agent: Chilkat/1.0.0 (+http://www.chilkatsoft.com/ChilkatHttpUA.asp)
    Cookie: wongsess=a693f8b733aa146a235cd5edfa755da1
    Host: www.mister-wong.com
    Connection: Keep-Alive
All looks OK.
5. Examine the HTML returned by the 2nd GET request. This should contain a login FORM. It does. Here it is:
    <form id="UserLoginForm" method="post" action="/login">
      <fieldset style="display:none;">
        <input type="hidden" name="_method" value="POST" />
      </fieldset>
      <div class="input text required">
        <label for="UserName">Username:</label>
        <input name="data[User][name]" type="text" maxlength="40" value="" id="UserName" />
      </div>
      <div class="input password">
        <label for="UserPassword">Password:</label>
        <input type="password" name="data[User][password]" value="" id="UserPassword" />
      </div>
      <div class="submit">
        <input type="submit" value="Login" />
      </div>
    </form>
A POST must be sent to http://www.mister-wong.com/login, the values to be sent are: _method, data[User][name], data[User][password]. (The POST params are the "name" attributes of the "input" tags within the form. The type="submit" input may be ignored; this is the submit button.)
6. Add code to send the POST (the actual username and password have been removed):
*** The customer’s mistake was the Path. The Path specified in the FORM is not “/users/login/”, it is “/login”. This is the Path that should be used for the POST:
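    // ....
    Chilkat.HttpRequest http_request = new Chilkat.HttpRequest();
    http_request.AddParam("data[User][name]", "***");
    http_request.AddParam("data[User][password]", "***");
    http_request.AddParam("_method", "POST");
    http_request.UsePost();
    // The Path comes from the FORM's action attribute, not from the URL of the login page.
    http_request.Path = "/login";

    Chilkat.HttpResponse http_response = http.SynchronousRequest("www.mister-wong.com", 80, false, http_request);
    textBox1.Text += http.LastErrorText;
    if (http_response == null)
    {
        // The request failed; LastErrorText (shown above) has the details.
        return;
    }
    // Show the body of the response to the POST.
    textBox2.Text = http_response.BodyStr;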
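Steps 5 and 6 can be checked mechanically. The following is an added example, not part of the original post and not Chilkat code: it reads the form shown in step 5, collects the named inputs, and resolves the action against the URL the form was fetched from, which yields /login rather than /users/login/. The names FormExtractor and login_target are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# The login form from step 5, embedded so the example runs offline.
FORM_HTML = """<form id="UserLoginForm" method="post" action="/login">
<fieldset style="display:none;"><input type="hidden" name="_method" value="POST" /></fieldset>
<div class="input text required"><label for="UserName">Username:</label>
<input name="data[User][name]" type="text" maxlength="40" value="" id="UserName" /></div>
<div class="input password"><label for="UserPassword">Password:</label>
<input type="password" name="data[User][password]" value="" id="UserPassword" /></div>
<div class="submit"><input type="submit" value="Login" /></div></form>"""


class FormExtractor(HTMLParser):
    """Collects method, action and named inputs of the form with a given id."""

    def __init__(self, form_id):
        super().__init__()
        self.form_id = form_id
        self.in_form = False
        self.method = "get"      # HTML default when the attribute is absent
        self.action = ""         # empty action means "post back to the page URL"
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and a.get("id") == self.form_id:
            self.in_form = True
            self.method = (a.get("method") or "get").lower()
            self.action = a.get("action") or ""
        elif self.in_form and tag == "input":
            # Only inputs with a name are submitted; the submit button is skipped.
            if a.get("name") and (a.get("type") or "text").lower() != "submit":
                self.fields[a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False


def login_target(page_url, html, form_id):
    """Return (method, absolute POST URL, {param name: default value})."""
    parser = FormExtractor(form_id)
    parser.feed(html)
    # The action is resolved relative to the page that served the form.
    return parser.method, urljoin(page_url, parser.action), parser.fields
```
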
7. Examine the session log. I see this for the POST:
    ---- Sending ----
    POST /login HTTP/1.1
    Host: www.mister-wong.com
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 67
    Cookie: wongsess=2423f07ab5b543145f800717361ee8d9

    data[User][name]=***&data[User][password]=***&_method=POST
The actual username/password values have been replaced with “***”. I see the cookie was properly sent.
8. The response to the POST (in this case) is a 302 redirect:
    ---- Received ----
    HTTP/1.1 302 Found
    Date: Thu, 10 Dec 2009 14:35:53 GMT
    Server: Apache
    P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
    Set-Cookie: WongCookie[Auth][User]=6d914d1612a372e523; expires=Fri, 10-Dec-2010 14:35:54 GMT; path=/
    Location: http://www.mister-wong.com/
    Content-Length: 0
    Content-Type: text/html; charset=UTF-8
9. A new cookie is set in the 302 response, and the Chilkat HTTP component redirects to the new URL. The proper action is to send an HTTP GET to the “Location” specified in the 302 response. The new cookie should be included in the GET. This is exactly what Chilkat HTTP does:
    GET / HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Accept-Language: en-us,en;q=0.5
    User-Agent: Chilkat/1.0.0 (+http://www.chilkatsoft.com/ChilkatHttpUA.asp)
    Cookie: wongsess=2423f07ab5b543145f800717361ee8d9; WongCookieAuthUser=6d914d1612a372e523
    Host: www.mister-wong.com
    Connection: Keep-Alive
10. The response is a “200 OK”:
    ---- Received ----
    HTTP/1.1 200 OK
    Date: Thu, 10 Dec 2009 14:35:55 GMT
    Server: Apache
    P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
    Keep-Alive: timeout=5, max=97
    Connection: Keep-Alive
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8
All looks to be in order…
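The cookie checks done by eye in steps 7 to 10 can also be scripted. This is an added example, not part of the original post and not Chilkat code: it walks a session log in the "---- Sending ----" / "---- Received ----" layout shown above and reports any request that does not return, under the same name and value, a cookie the server set earlier. SAMPLE_LOG is constructed (host and values are made up), audit_cookies is a hypothetical name, and the check assumes a single host and ignores cookie path, domain and expiry.

```python
import re

# Constructed sample log: a bracketed cookie name is altered when it is re-sent.
SAMPLE_LOG = """\
---- Sending ----
POST /login HTTP/1.1
Host: www.example.test
Cookie: sess=aaa111

user=x&pass=y
---- Received ----
HTTP/1.1 302 Found
Set-Cookie: App[Auth][User]=bbb222; expires=Fri, 10-Dec-2010 14:35:54 GMT; path=/
Location: http://www.example.test/
Content-Length: 0

---- Sending ----
GET / HTTP/1.1
Cookie: sess=aaa111; AppAuthUser=bbb222
Host: www.example.test

"""


def audit_cookies(log_text):
    """Return [(request line, [cookie names set earlier but not sent back])]."""
    jar, findings = {}, []
    parts = re.split(r"^---- (Sending|Received) ----\s*$", log_text, flags=re.M)
    # parts is [preamble, kind, message, kind, message, ...]
    for kind, message in zip(parts[1::2], parts[2::2]):
        lines = message.strip("\n").split("\n")
        head = lines[:lines.index("")] if "" in lines else lines  # drop the body
        headers = [h.split(":", 1) for h in head[1:] if ":" in h]
        if kind == "Received":
            for name, value in headers:
                if name.strip().lower() == "set-cookie":
                    # Only the first name=value pair is the cookie; the rest are attributes.
                    k, _, v = value.split(";", 1)[0].strip().partition("=")
                    jar[k] = v
        else:
            sent = {}
            for name, value in headers:
                if name.strip().lower() == "cookie":
                    for pair in value.split(";"):
                        k, _, v = pair.strip().partition("=")
                        sent[k] = v
            missing = sorted(k for k, v in jar.items() if sent.get(k) != v)
            if missing:
                findings.append((head[0], missing))
    return findings
```
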