Automating form login and dropping off user on remote site

[Franklin H.]

I'm not sure to what extent this is at heart really a Perl question,
but maybe someone who's dealt wit this could point me in the right
direction.

I've been using LWP::UserAgent and HTTP::Cookies quite succesfully to
automate form submissions. I'm able to automatically login and navigate
as I please around the remote site.

But what I'm really looking to do is automatically log in to a site,
passing through what amounts to several authentication steps (all easy
enough so far) but then drop the user off on a page behind the
authentication.

This requires more than just displaying a copy of the remote page with
all URLs made absolute as the session cookie will no longer "work" with
the new page (as it doesn't really exist on the remote site).

Any thoughts?

 

[A. Sinan Unur]

But what I'm really looking to do is automatically log in to a site,
passing through what amounts to several authentication steps (all easy
enough so far) but then drop the user off on a page behind the
authentication.

This requires more than just displaying a copy of the remote page with
all URLs made absolute as the session cookie will no longer "work"
with the new page (as it doesn't really exist on the remote site).

I am not sure exactly what you mean by "drop off". Do you mean to have
the user's browser displaying a specific page following the steps above?

In that case, you probably want to interact with the browser, and have
the browser do the form submissions etc, rather than doing them using
LWP::UserAgent.

How you do that will depend on the operating system and the browser.

For Windows with IE, take a look at

http://search.cpan.org/~abeltje/Win32-IE-Mechanize-0.008/

Sinan

 

[Franklin H.]

I am not sure exactly what you mean by "drop off". Do you mean to have
the user's browser displaying a specific page following the steps

above?
The simplest example would be that of a login page. A user id and
password are both submitted and the user finds him or herself in the
secure area of the remote site (or on a fully functional copy thereof)
supplied with both a proper session ID embedded in the form and proper
session cookies.

In that case, you probably want to interact with the browser, and have
the browser do the form submissions etc, rather than doing them using
LWP::UserAgent.

A good thought but I'd like this to be effective as a CGI script, too,

Thanks for the input.
Fr.

 

[A. Sinan Unur]

easy

Please fix the quoting of your newsreader to wrap multiple levels of
quoting properly. You probably want to get a real newsreader rather than
using Google Groups.

The simplest example would be that of a login page. A user id and
password are both submitted and the user finds him or herself in the
secure area of the remote site (or on a fully functional copy thereof)
supplied with both a proper session ID embedded in the form and proper
session cookies.

Again, please specify what you mean by "finds himself".

A good thought but I'd like this to be effective as a CGI script, too,

So, you want a CGI script running on www.somesite.invalid to set a
cookie for the user's browser masquerading as www.anothersite.invalid? I
hope that is not implementable.

If you could provide a proper specification for what you are trying to
achieve, it might be possible to figure out how to do it.

Sinan

 

[David Efflandt]

above?
The simplest example would be that of a login page. A user id and
password are both submitted and the user finds him or herself in the
secure area of the remote site (or on a fully functional copy thereof)
supplied with both a proper session ID embedded in the form and proper
session cookies.

A good thought but I'd like this to be effective as a CGI script, too,

This sounds suspicious. If you want to pass cookies, that can be done if
both sites are cooperating on the same domain (even if different
hostnames). If you are not related, why should someone give you their
password?

Or are you using your authentication for a 3rd party, in which case you
probably need to pass everything through your server, unless you want to
reveal your auth credentials in the redirect URL?