hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: Detecting Whether Authentication Was Successful
Date Tue, 06 Mar 2007 02:18:16 GMT
On 05/03/07, Dan Bezdek <bezdekd@yahoo.com> wrote:
> Well, for one thing, there are 3 sites that I want to login, and I can easily do it on
all 3 sites using their login form and Post method.  So, I have no problem authenticating
on all 3 sites.  However, there must be some common way of knowing that you've been logged
in without having to do something site specific (for example, I can go through the response
body and find a string that indicates that I have been authenticated.  However, then I have
to customize the solution for each site and I don't see this being a good solution).
>

There is no standard way of indicating login success.
The server application writer can do whatever they like.

However, there are some common methods that servers and applications
use to keep track of the login state.

For example:
* cookies
* hidden fields
* URL rewriting

See http://en.wikipedia.org/wiki/HTTP_cookiehttp://en.wikipedia.org/wiki/HTTP_cookie
for some details

You may find that the 3 servers all use the same method.

Or you may find that the 3 servers all use the same or similar
responses to report login failure.

You will have to investigate.

> Also, it seems that I can't depend on the response code. For example on many sites, even
if I fail the authentication, they still send me a 200 response code.  If the  authentication
fails, shouldn't the site give me a response that indicated the authentication has failed?
 By the way, I don't have any control over those sites that I am trying to authenticate to;
so, I can't change the behavior of the server.
>

Response 200 just means that the server was able to return a page successfully.

The HTTP response codes do not say anything about the content.

There are some forms of authentication for which you can use the
response code - e.g. Basic, NTLM - these are handled by the server
before it returns any data, so for these you do get a non-200 response
code.

But in this case the servers are not using that form of authentication.

> Thanks,
> Dan
>
> sebb <sebbaz@gmail.com> wrote: This totally depends on how the site is coded.
>
> One approach is to try and access a page that is protected by the
> login and see what happens.
>
> But again, how you detect whether access has been granted depends on
> how the site is coded.
>
> Try with a browser an see what happens.
>
>
> On 05/03/07, Dan Bezdek  wrote:
> > Hi Everyone,
> >
> > I am new to HttpClient, and I can't find any source on the proper way of authenticating
when I am trying to login to a site that has a login form.
> >
> > Basically, I can login using post method, but I can't find any source that tells
me what response code should be returned in order for me to be sure that the authentication
has succeeded.  I don't really care what the server does after authentication (for exampale
if I get redirected or not), all I want to know is that I am logged in.  Someone suggested
that the standard way is to use the Head method first to make sure authentication would succeed.
 In any case, could someone please tell me what the common way of doing the authentication
is?  I don't need details, just a step-by-step outline of what to do and what response code
I should expect.
> >
> > I really appreciate your help.
> >
> > Thanks,
> > Dan Bezdek
> >
> >
> > ---------------------------------
> > Never miss an email again!
> > Yahoo! Toolbar alerts you the instant new Mail arrives. Check it out.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org
>
>
>
>
> ---------------------------------
> Be a PS3 game guru.
> Get your game face on with the latest PS3 news and previews at Yahoo! Games.

---------------------------------------------------------------------
To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org


Mime
View raw message