Cookie changes during network request (302 Moved)

anshuman · October 23, 2013, 3:31pm

Dear Developers,

I am trying to use network request to login to a web site. I am loading the login page first, saving the cookie received in responseHeaders and setting headers[“Cookie”] for the next request to login. Lets call this CookieVal1.

Once the Login action is called, the website does a “302 Moved Temporarily” and tries to load the logged in member page. However, it changes the cookie value to CookieVal2 as part of ResponseHeaders of the login page operation (which gave the 302 Moved, which I can see in Firebug). And the final member page expects this new cookie value (CookieVal2) and not CookieVal1 to be sent as part of the request.

However, since we do not get the control back to the code for a 302 Moved response, Corona seems to be sending CookieVal1 for the member page request as well - and this gets denied by the web application as an invalid cookie (for the web application CookieVal1 does not exist anymore, its all about CookieVal2)

Any pointers will be much appreciated.

Setup: Corona simulator on Windows 7

Cheers,

Anshuman

anshuman · February 13, 2014, 8:23am

I believe this is related to http://forums.coronalabs.com/topic/43507-multiple-set-cookie-responses-in-http-get-headers/ as well, in both cases there is a HTTP 302 involved and we are unable to get all the cookies that were sent by the server response(s) in the lua code.

anshuman · February 21, 2014, 7:22pm

There is now a handleRedirects option in the network.request() parameters which are documented here:

http://docs.coronalabs.com/daily/api/library/network/request.html#params-optional

params.handleRedirects A boolean indicating whether automatic redirect handling (the default) is desired. Set this to false if you want to receive 302 responses and handle them yourself. This may be needed for certain kinds of login schemes or custom cookie handling.

local function networkListenerLogin( event ) print “== Entering: networkListenerLogin ==” – for key,value in pairs(event.responseHeaders) do print(key,": ",value) end – print(event.response) if (event.responseHeaders[‘Set-Cookie’]) then myCookie = event.responseHeaders[‘Set-Cookie’] – save cookie, keep appending later end if (event.responseHeaders[‘Location’]) then local headers = {} if myCookie then headers[“Cookie”] = myCookie – set cookie in header end local params = {} params.headers = headers params.handleRedirects = false network.request( event.responseHeaders[‘Location’], “GET”, networkListenerLogin, params ) end end local headers = {} local body = “POST body with username and password” local params = {} params.headers = headers params.body = body params.handleRedirects = false network.request( “targetURL”, “POST”, networkListenerLogin, params)

This way we can capture all cookies and manually set cookie in HTTP header.

Cheers,

Anshuman

anshuman · February 13, 2014, 8:23am

I believe this is related to http://forums.coronalabs.com/topic/43507-multiple-set-cookie-responses-in-http-get-headers/ as well, in both cases there is a HTTP 302 involved and we are unable to get all the cookies that were sent by the server response(s) in the lua code.

anshuman · February 21, 2014, 7:22pm

There is now a handleRedirects option in the network.request() parameters which are documented here:

http://docs.coronalabs.com/daily/api/library/network/request.html#params-optional

params.handleRedirects A boolean indicating whether automatic redirect handling (the default) is desired. Set this to false if you want to receive 302 responses and handle them yourself. This may be needed for certain kinds of login schemes or custom cookie handling.

local function networkListenerLogin( event ) print “== Entering: networkListenerLogin ==” – for key,value in pairs(event.responseHeaders) do print(key,": ",value) end – print(event.response) if (event.responseHeaders[‘Set-Cookie’]) then myCookie = event.responseHeaders[‘Set-Cookie’] – save cookie, keep appending later end if (event.responseHeaders[‘Location’]) then local headers = {} if myCookie then headers[“Cookie”] = myCookie – set cookie in header end local params = {} params.headers = headers params.handleRedirects = false network.request( event.responseHeaders[‘Location’], “GET”, networkListenerLogin, params ) end end local headers = {} local body = “POST body with username and password” local params = {} params.headers = headers params.body = body params.handleRedirects = false network.request( “targetURL”, “POST”, networkListenerLogin, params)

This way we can capture all cookies and manually set cookie in HTTP header.

Cheers,

Anshuman