1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to send http requuest to https domain and retrieve multipe cookies?

Discussion in 'C, C++, C#' started by sandrine10, Mar 4, 2017.

  1. sandrine10

    sandrine10 Jr. VIP Jr. VIP

    Joined:
    Apr 14, 2010
    Messages:
    694
    Likes Received:
    70
    Gender:
    Female
    Location:
    WakWak
    Hi guys,

    I tried to send httpwebrequest to a https domains using GET method to retrieve cookies first (i used cookiecontainer)then sending a second request with POST method,the problem is that i get only 1 cookie name!! when i checked i found that Request cookies contains multiple cookie names and Response cookies is only 1 cookie!!
    could you please let me know to retrieve all cookies?or guide me to find the solution.

    Thanks in advance
     
  2. rootjazz

    rootjazz Jr. VIP Jr. VIP

    Joined:
    Dec 21, 2012
    Messages:
    694
    Likes Received:
    340
    Occupation:
    Developer
    Location:
    UK
    Home Page:
    What do the headers say? Have you checked in fiddler?

    Chances are, if done correctly then the cookies will be extracted and stored in the cookie container.

    Couple of possibilites when they won't. IIRC if you do a POST and get a 302 response back with cookies, those may not be stored, whether this is a bug or part of the spec I don't know. Also, some date strings can cause issues. I believe the cookie string is wrong, but the .net framework cannot extract the cookies. However, this is unlikely as I have only come across it once in about 8 years.
     
  3. sandrine10

    sandrine10 Jr. VIP Jr. VIP

    Joined:
    Apr 14, 2010
    Messages:
    694
    Likes Received:
    70
    Gender:
    Female
    Location:
    WakWak
    Thank you rootiazz you are right i do a POST and get a 302 response,any solution to this case?
     
  4. mark_iwfhosting

    mark_iwfhosting Newbie

    Joined:
    Feb 25, 2017
    Messages:
    13
    Likes Received:
    2
    Gender:
    Male
    en. wikipedia. org/wiki/HTTP_302

    10.3.3 302 Found

    The requested resource resides temporarily under a different URI.
    Since the redirection might be altered on occasion, the client SHOULD
    continue to use the Request-URI for future requests. This response
    is only cacheable if indicated by a Cache-Control or Expires header
    field.

    The temporary URI SHOULD be given by the Location field in the
    response. Unless the request method was HEAD, the entity of the
    response SHOULD contain a short hypertext note with a hyperlink to
    the new URI(s).

    If the 302 status code is received in response to a request other
    than GET or HEAD, the user agent MUST NOT automatically redirect the
    request unless it can be confirmed by the user, since this might
    change the conditions under which the request was issued.

    Note: RFC 1945 and RFC 2068 specify that the client is not allowed
    to change the method on the redirected request. However, most
    existing user agent implementations treat 302 as if it were a 303
    response, performing a GET on the Location field-value regardless
    of the original request method. The status codes 303 and 307 have
    been added for servers that wish to make unambiguously clear which
    kind of reaction is expected of the client.

    10.3.4 303 See Other

    The response to the request can be found under a different URI and
    SHOULD be retrieved using a GET method on that resource. This method
    exists primarily to allow the output of a POST-activated script to
    redirect the user agent to a selected resource. The new URI is not a
    substitute reference for the originally requested resource. The 303
    response MUST NOT be cached, but the response to the second
    (redirected) request might be cacheable.

    The different URI SHOULD be given by the Location field in the
    response. Unless the request method was HEAD, the entity of the
    response SHOULD contain a short hypertext note with a hyperlink to
    the new URI(s).

    Note: Many pre-HTTP/1.1 user agents do not understand the 303
    status. When interoperability with such clients is a concern, the
    302 status code may be used instead, since most user agents react
    to a 302 response as described here for 303.
     
  5. gimme4free

    gimme4free Executive VIP Jr. VIP Premium Member

    Joined:
    Oct 22, 2008
    Messages:
    1,930
    Likes Received:
    1,945
    Home Page:
    Disable AllowAutoRedirect & read the connection - set the cookies - manually check the "Location" header & redirect (load) the URL
     
  6. sandrine10

    sandrine10 Jr. VIP Jr. VIP

    Joined:
    Apr 14, 2010
    Messages:
    694
    Likes Received:
    70
    Gender:
    Female
    Location:
    WakWak
    I enabled AllowAutoRedirect i'll try with it disabled and see if it'll work
     
  7. flashsites

    flashsites Junior Member

    Joined:
    Oct 27, 2015
    Messages:
    113
    Likes Received:
    5
    PM me Im looking for a Tinderbot
     
  8. rootjazz

    rootjazz Jr. VIP Jr. VIP

    Joined:
    Dec 21, 2012
    Messages:
    694
    Likes Received:
    340
    Occupation:
    Developer
    Location:
    UK
    Home Page:
    As the quote above, you have to do it manually.


    things that will help:

    checking if cookie is to be set, so if you need to (I don't think you do for this) you can parse it manually. If you don't have to, avoid as it can get messy (well my code is anyway ;)
    Code:
    response.Headers["Set-Cookie"] 
    get redirect location
    Code:
      response.Headers["Location"]
    Then you can just put a while loop around the status
    Code:
      while (response.StatusCode == HttpStatusCode.Found)

    I don't remember exactly but some cookies may be stored, some not. but if you detect a redirect and cookies set, extract each cookie and add it to your cookiecontainer and validate it is there after the redirect.

    Watch what happens when you run the sequence in your browser / mobile and carefully watch the cookies. Then do the same with your bot and ensure it is the same