1

I use an ajax call to launch a php script on my server:

<?php
readfile("https://url.com/authenticateUser?login=test&apiKey=test");
$partNumber = urlencode($_POST['partNumber'];
readfile("https://url.com/search?\"partNumber\"=\"$partNumber\");
?>

then my script:

$.ajax({
url: "search.php";
type: "post",
dataType: "xml",
data : { partNumber : q }, //q is defined earlier....
success : function(data) {
 console.log(data);
}
});

What I get returned from the server is:

2Authentication Successfultrue1Invalid UserName or Passwordfalse

so my first readfile authenticates me as a user just fine, but then I go to make my second call and I'm logged out. What am I doing wrong here?

Brian Powell
  • 3,336
  • 4
  • 34
  • 60
  • I would assume it is because the application at `url.com` is expecting some kind of persistent session here (with a cookie, for example), which `readfile()` cannot provide. You're authenticating to it, but the subsequent call to `readfile()` would look to the remote service like an entirely new connection since no token is passed back. – Michael Berkowski Feb 14 '15 at 03:36
  • that's a great idea. any ideas or further reading on how I'd establish a cookie session for this instead of using `readfile()`? I know how to set a cookie internally on my server, but I have no idea how to send one to the url I'm connecting to and I can't seem to find anything on this searching S.O. – Brian Powell Feb 14 '15 at 03:39
  • [Here's a question with a complete example](http://stackoverflow.com/questions/1857377/php-using-curl-is-there-a-way-to-emulate-a-cookie-instead-of-saving-it-to-a-fil) using curl with `CURLOPT_COOKIEJAR`, but first you should verify if this service is actually using cookies by calling the first URL from you browser and inspecting the headers it returns. Otherwise, check any docs the service provides on how it handles authentication - there would need to be either a cookie for persistence, or perhaps some kind of API session token to pass as a URL param. – Michael Berkowski Feb 14 '15 at 03:46
  • When I just type the URL into the address bar with my credentials, here's what I get back: `{"Status":{"Code":"2","Message":"Authentication Succeeded","Success":"true"}}` What specifically in the headers am I looking for? There's a lot of data in there....... – Brian Powell Feb 14 '15 at 04:00
  • these 3 might be useful: `Connection:Keep-Alive`, `Set-Cookie:JSESSIONID=8370b66678bf31885f594f79e6a288575d28977b3c88b6d4b41e5633670f4918.e38Lb3qTb3aKai0RbxeMahqPbhb0; path=/Search; secure` and `Set-Cookie:BNI_SECookie=000000000000000000000000330aa8c00000bb01; Path=/; Domain=url.com; HttpOnly` – Brian Powell Feb 14 '15 at 04:02
  • There it is - it's setting a `JSESSIONID=837....` cookie, that would need to be sent back with the next request. The `BNI_SECookie` is probably needed too. – Michael Berkowski Feb 14 '15 at 04:03
  • awesome! I don't see where I would add that though.... there's no `?JSESSIONID=...` in their framework. – Brian Powell Feb 14 '15 at 04:04
  • No, it maybe can't be sent through the URL - your subsequent request needs to send the cookie back. You can _try_ sending `&JSESSIONID=` in the URL. I have seen many services support that behavior, but if it doens't work, you'll have to setup curl to capture and send the cookie back. – Michael Berkowski Feb 14 '15 at 04:06
  • Okay - I will have a go at that, and if it doesn't work, I will look into `curl`. Thank you so much for your time! – Brian Powell Feb 14 '15 at 04:09

0 Answers0