I'm trying to submit some post data form using vbscript. The site I'm posting it to contains some java, and having poked around in the headers, I notice it's sending a cookie containing JSESSIONID, which I believe is to do with the java authentication:
Cookie: JSESSIONID=XXXXXXXXXXXXXXXXXXXXX
When I just send the address and the post data I want to send and look at the responsetext it's sent me back to the java authentication page, which makes me think I need to retrieve the jsessionid cookie and submit that back with the data as well.
This is the function I'm using to submit the post data. For simple forms this seems to work fine, but the java on this page has kind of thrown me:
Function Fetch(URL, POST)
Set WshShell = CreateObject("WScript.Shell")
Set http = CreateObject("Microsoft.XmlHttp")
http.open "POST", URL, FALSE
http.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
http.send POST
Fetch = http.responseText
set WshShell = nothing
set http = nothing
End Function
My questions really are: am how doing this right? Do I need to load the first page, get the cookie and resubmit it back with the form? And if so, how do I retrieve the cookie that the server sends back in the header? I can see when I look in the headers that they sent back:
Set-Cookie: JSESSIONID=XXXXXXXXXXXXXXXXXXXXX; Path=/Page
Thanks very much.
You could get via http.getResponseHeader("Set-Cookie") or parsing http.getAllResponseHeaders(). Then, you should add cookie values to request header via http.setRequestHeaders "Cookie", "JSESSIONID=XXXXXXXXXXXXXXXXXXXXX; Path=/Page" on next requests.
So, there is another option (if i'm not wrong), using CreateObject("WinHttp.WinHttpRequest.5.1").
It's capable to remember the cookies had previously to use on next requests as long as you use the same instance.
Related
This question already has answers here:
Retrieve ALL cookies from Internet Explorer
(1 answer)
Retrieiving Cookies and Sending Cookies and Post Variables in VBScript
(1 answer)
Closed 3 years ago.
I am trying to pull website data using WinHttp.WinHttpRequest.5.1. The website requires login and the cookie is stored with IE11. WinHttp.WinHttpRequest.5.1 creates it's own instance and therefore is not logged in to the requested website. Is there any way to use the active cookie from IE11 in the WinHttp.WinHttpRequest.5.1 request?
myURL = "https://postman-echo.com/get?foo1=bar1&foo2=bar2"
Set oXMLHttp = CreateObject("WinHttp.WinHttpRequest.5.1")
oXMLHttp.Open "GET", myURL , False
oXMLHttp.send
ohtmlFile.Write oXMLHttp.responseText
ohtmlFile.Close
You could try to use the WinHttpRequest GetResponseHeader method or parse the GetAllResponseHeaders method result to get the cookie value. Then, using the SetRequestHeader method to Adds, changes, or deletes an HTTP request header. More detail information, please check this article and this thread.
If the website requires a login, usually you can provide that information using HTTP Basic Authentication. This is usually done by adding a special header (Authorization) we add username:password encoded in base64.
Your code might look like this:
Dim sAuthorization
sAuthorization = "Basic Zm9vOmJhcg=="
oXMLHttp.Open "GET", myURL , False
oXMLHttp.setRequestHeader "Authorization", sAuthorization
oXMLHttp.send
This will depend on the API though, you can check the authentication requirements. It could use a different method and you might not need to encode your username:password. Sometimes you provide an API Key instead. Whatever the method used, you should be able to provide the required authentication in your HTTP Request.
I am trying to log in to a service using Ext.Ajax.request (ExtJS Version 6.2) by sending user id and password. A session cookie .ASPXAUTH is returned back in the response. I want to know about a way to get this cookie value, store it at client side and use it for further Ajax calls.
Assuming that the "cookie" is returned in the Set-Cookie HTTP response header, you don't need any additional steps to set it or "store it at the client side". As for the getting its value part, you can use the Ext.util.Cookies.get("cookieName") method.
My application is making a network call using xmlHttpRequest. In the response i am getting Set-Cookie header (verified with fiddler). I need to access these cookies from javasript. I tried with XmlHttpRequest.getAllResponseHeaders(), it is returning all headers except Set-Cookie.
Is there a way to access these cookies from javascript? If yes, please provide some example.
My application is running on Webbrowser control (IE10), Windows Phone 8.
Thanks in advance.
While awaiting a more specific answer, you can instead send all the cookies set from the server through a post response, then set it locally, as so (using jQuery to make it easier):
// Client
var cookie;
$.post('example.com',{'stuff':'data'},function(data){
cookie = data;
});
// Server
if(isset($_POST['stuff'])) echo WhateverTheCookieWouldBe;
Actually cookies can be accessed via
document.cookie // this will return a string contains all cookie values separated by semicolon
This is actually not true since because of the async nature of request
// Client
var cookie;
$.post('example.com',{'stuff':'data'},function(data){
cookie = data;
});
alert(cookie); // undefined
Coldfusion sessions - how exactly is CF identifying a connection / unique client
After doing some digging with remote CFCs I called from Word VBA I found they set sessions also. Which got me to thinking and Googling (unsuccessfully) for an explanation of just how CF does distinguish between different clients. I had previously assumed it was a browser cookie being set to identify the client, but then here I was consuming a web service through a word app and still getting the session variables and sessionID set.
So if I load and login to my app via browser (chrome) and hit a test page I get jsessionID = 123,If I fire up firefox and login I get a different jsessionid = 234 as expected. If I hit a remote cfc as a web service wsdl using Word VBA I can see jsessionid=345 returned to the VBA module. If I close Word and reopen my macro (containing a login request to the web service) I get a new jsessionID=567
So what is it about the request that CF is identifying and how does it persist the identification of the client?
This is the same issue in a VBA http call
Sub doHTTP()
Dim MyRequest As Object
Dim Val
httpString = "http://localhost:8888/test.cfm"
Set MyRequest = CreateObject("WinHttp.WinHttpRequest.5.1")
MyRequest.Open "GET", httpString
' Send Request.
MyRequest.Send
MsgBox MyRequest.ResponseText
'now pass in the session urltoken we have just retreived
MyRequest.Open "GET", httpString & "?urltoken=" & MyRequest.ResponseText
' resend a request, this time with the urltoken.
MyRequest.Send
'take a look and see if the session variables are correct
MsgBox MyRequest.ResponseText
End Sub
in a test.cfm
<cfif isdefined("URL.urltoken")>
<cfset session.urltoken="#URL.urltoken#">
<cfelse>
<cfset session.username="bob">
</cfif>
<cfoutput>session.urltoken="#session.urltoken#"</cfoutput><br>
<cfoutput>session.username="#session.username#"</cfoutput><br>
<cfoutput>session.sessionID="#session.sessionID#"</cfoutput>
OK that now works, interesting, I will need to remember for web service or http calls not using a browser I will need to pass the sessionID in the URL manually.
Definitely session maintained based on browser cookie. On first request from browser server assign token and this will used to make session connection in rest of the request. If browser cookies are disabled then you may need it pass CFID and CFTOKEN in URL for every request and in case of j2ee session management you may need to pass jsessionId as well (best way is to append session.URLToken in every request.)
In word macro you get new jsessionId because word may not have cookie and not able to persist connection but just try to concat session.URLToken in next Webservice call and you will get all your session back even after reopening word or even you can try copy session.URLToken from chrome browser request and append it in firefox request and you will get same session available in Chrome (same thing will work if you trying from different computer as well).
So moral of story is combination of CFID,CFTOKEN,JSessionId(in case of J2ee session management) use for connection between client and server either through URL or Cookie.
Can an AJAX response set a cookie? If not, what is my alternative solution? Should I set it with Javascript or something similar?
According to the w3 spec section 4.6.3 for XMLHttpRequest a user agent should honor the Set-Cookie header. So the answer is yes you should be able to.
Quotation:
If the user agent supports HTTP State Management it should persist,
discard and send cookies (as received in the Set-Cookie response
header, and sent in the Cookie header) as applicable.
Yes, you can set cookie in the AJAX request in the server-side code just as you'd do for a normal request since the server cannot differentiate between a normal request or an AJAX request.
AJAX requests are just a special way of requesting to server, the server will need to respond back as in any HTTP request. In the response of the request you can add cookies.
For the record, be advised that all of the above is (still) true only if the AJAX call is made on the same domain. If you're looking into setting cookies on another domain using AJAX, you're opening a totally different can of worms. Reading cross-domain cookies does work, however (or at least the server serves them; whether your client's UA allows your code to access them is, again, a different topic; as of 2014 they do).
Also check that your server isn't setting secure cookies on a non http request. Just found out that my ajax request was getting a php session with "secure" set. Because I was not on https it was not sending back the session cookie and my session was getting reset on each ajax request.