hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From distortion <mathias.soederb...@gmail.com>
Subject Re: Another Form-problem, cookies?
Date Thu, 29 Nov 2007 16:16:02 GMT

Roland Weber wrote:
> So the POST of the login form returns a page instead of a redirect.
> Have you taken a look at that page? Maybe it's the one you want.
> If not, it may contain an error description.
> cheers,
>   Roland

I had the code a bit messed up, but changed it and got another result this
time. I now get a redirect-status (302), but in some way the redirect isn't
working as intended. 

Did some scanning with WireShark and noticed that when i log in to the site
using Firefox the GET /my.php, which is redirected from /login.php, the
http-packet contains a Referer, that says:
Referer: http://www.torrentbytes.net/login.php\r\n

And when i attempt the same thing with my Java-program the http-packet for
GET /my.php doesn't have any Referer at all, so I'm guessin' that this is
what's causing my problems. Is it possible to send a Referer-attribute or

Here is the result I'm getting while running my app, the last Redirect says
OK, but I'm unable to GET any of the "logged-in"-pages:

Login form get: HTTP/1.1 200 OK
Initial set of cookies:
- PHPSESSID=f47e4d079b3f68d1a3547ed45c9c9e58
- checksum=3b8e2b8efcee77a88fe61182d0ed3a60

Login form post: HTTP/1.1 302 Found
Logon cookies:
- PHPSESSID=8db18443f72b735a40aa27e5ed62676f
- uid=*****
- pass=**************************
- validation=/* same as the checksum beneath */
- checksum=/* same as the validation above */
Location: http://www.torrentbytes.net/my.php

Redirect target: http://www.torrentbytes.net/my.php
Redirect: HTTP/1.1 200 OK

Any help is appreciated
// Mathias

import org.apache.commons.httpclient.*;
import org.apache.commons.httpclient.cookie.CookiePolicy;
import org.apache.commons.httpclient.cookie.CookieSpec;
import org.apache.commons.httpclient.methods.*;
import java.io.*;
import java.util.*;

 * <p>
 * A example that demonstrates how HttpClient APIs can be used to perform 
 * form-based logon.
 * </p>
 * @author Oleg Kalnichevski
public class FormBasedTest {

    static final String LOGON_SITE = "www.torrentbytes.net";
    static final int LOGON_PORT = 80;

    public FormBasedTest() {

    public static void main(String[] args) throws Exception {


        HttpClient client = new HttpClient();
        client.getParams().setParameter("http.useragent", "Mozilla/5.0,
(Windows; U; Windows NT 5.2; en-US; rv: Gecko/20071025
        client.getHostConfiguration().setHost(LOGON_SITE, LOGON_PORT,
        // 'developer.java.sun.com' has cookie compliance problems
        // Their session cookie's domain attribute is in violation of the
        // We have to resort to using compatibility cookie policy

        GetMethod authget = new GetMethod("/login.php");


        System.out.println("Login form get: " +
        // release any connection resources used by the method
        // See if we got any cookies
        CookieSpec cookiespec = CookiePolicy.getDefaultSpec();
        Cookie[] initcookies = cookiespec.match(
                LOGON_SITE, LOGON_PORT, "/", false,
        System.out.println("Initial set of cookies:");
        if (initcookies.length == 0) {
        } else {
            for (int i = 0; i < initcookies.length; i++) {
                System.out.println("- " + initcookies[i].toString());

        PostMethod authpost = new PostMethod("/takelogin.php");

        // Prepare login parameters
        NameValuePair action = new NameValuePair("action",
        NameValuePair userid = new NameValuePair("username", "username");
        NameValuePair password = new NameValuePair("password", "password");
        NameValuePair login = new NameValuePair("login", "Log in!");
                new NameValuePair[]{action, userid, password, login});

        System.out.println("Login form post: " +
        // release any connection resources used by the method

        // See if we got any cookies
        // The only way of telling whether logon succeeded is
        // by finding a session cookie
        Cookie[] logoncookies = cookiespec.match(
                LOGON_SITE, LOGON_PORT, "/", false,

        System.out.println("Logon cookies:");

        if (logoncookies.length == 0) {


        } else {

            for (int i = 0; i < logoncookies.length; i++) {
                System.out.println("- " + logoncookies[i].toString());


        // Usually a successful form-based login results in a redicrect to
        // another url
        int statuscode = authpost.getStatusCode();

        if ((statuscode == HttpStatus.SC_MOVED_TEMPORARILY) ||
                (statuscode == HttpStatus.SC_MOVED_PERMANENTLY) ||
                (statuscode == HttpStatus.SC_SEE_OTHER) ||
                (statuscode == HttpStatus.SC_TEMPORARY_REDIRECT)) {

            Header header = authpost.getResponseHeader("location");

            if (header != null) {

                String newuri = header.getValue();

                if ((newuri == null) || (newuri.equals(""))) {
                    newuri = "/";

                System.out.println("Redirect target: " + newuri);
                GetMethod redirect = new GetMethod(newuri);

                System.out.println("Redirect: " +

                /*BufferedReader in = new BufferedReader(new
                Scanner sc = new Scanner(in);
                while (sc.hasNextLine()) {

                // release any connection resources used by the method

            } else {

                System.out.println("Invalid redirect");

View this message in context: http://www.nabble.com/Another-Form-problem%2C-cookies--tf4893593.html#a14029044
Sent from the HttpClient-User mailing list archive at Nabble.com.

To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

View raw message