LWP, cookies, and adding to request string

Discussion in 'Perl Misc' started by Chris, Jul 7, 2003.

  1. Chris

    Chris Guest

    Hello all,

    I happened upon this group while searching around for
    information on this topic. Here's the situation:
    I've written a QA test tool for two sites that uses
    LWP and Cookies in Perl. On the first site, I used
    cookie_jar and everything worked just fine as far as
    sessions went. On the second site, however, once a
    user logs in, a unqique session variable (session=) is
    being passed around in the URL wherever you go in the
    members area.

    Is there a way to deal with this using LWP and
    cookie_jar? Another bit of information that may be
    useful: the login form is submitted via Javascript -
    I'm posting to the "resulting" members page via LWP,
    but there could possibly be a middle layer page that
    sets the session variable in the request string.

    i.e. Login Page->Js function->(some page I need to
    track down)->resulting members page

    In any case, thoughts and suggestions would be greatly
    appreciated.

    Regards,
    Chris
    Chris, Jul 7, 2003
    #1
    1. Advertising

  2. Chris

    Mina Naguib Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Chris wrote:
    > Hello all,
    >
    > I happened upon this group while searching around for
    > information on this topic. Here's the situation:
    > I've written a QA test tool for two sites that uses
    > LWP and Cookies in Perl. On the first site, I used
    > cookie_jar and everything worked just fine as far as
    > sessions went. On the second site, however, once a
    > user logs in, a unqique session variable (session=) is
    > being passed around in the URL wherever you go in the
    > members area.
    >
    > Is there a way to deal with this using LWP and
    > cookie_jar?


    No, it the CGI on the other end expects the session to be in the GET request parameters, it has to
    be there. Unless they're doing something very generic like $session = cookie("name") ||
    form("name"); which is both silly, insecure and highly unlikely.

    > Another bit of information that may be
    > useful: the login form is submitted via Javascript -
    > I'm posting to the "resulting" members page via LWP,
    > but there could possibly be a middle layer page that
    > sets the session variable in the request string.
    >
    > i.e. Login Page->Js function->(some page I need to
    > track down)->resulting members page
    >
    > In any case, thoughts and suggestions would be greatly
    > appreciated.


    When scripting stuff like that, one of the best tools I use (aside from a web browser) is a network
    sniffing tool, especially one with a good layer 7 analyzer such as ethereal. It makes it very easy
    to see *exactly* which variables are being submitted, the method used, any cookies, etc... Stuff
    that a javscript function might hide from the browser's end user.

    Best of luck.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQE/CeAleS99pGMif6wRAnknAJ49spMyC2QAKBJH1mXpJ099SmQALgCfZv8M
    +OUkrNdwUQe2cdGIZE0UFQ4=
    =41HS
    -----END PGP SIGNATURE-----
    Mina Naguib, Jul 7, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alex Nitulescu

    Response.Cookies vs Request.Cookies

    Alex Nitulescu, Feb 3, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    8,459
    Hans Kesting
    Feb 3, 2005
  2. user
    Replies:
    3
    Views:
    649
    =?ISO-8859-1?Q?G=F6ran_Andersson?=
    Mar 31, 2007
  3. mhshpk
    Replies:
    0
    Views:
    539
    mhshpk
    Jul 18, 2007
  4. Eric
    Replies:
    1
    Views:
    2,053
    Mark Fitzpatrick
    Dec 28, 2007
  5. _Who
    Replies:
    7
    Views:
    2,638
Loading...

Share This Page