0

I have two pages

http://site.aspx?page=AddressData2&AddressID=298587,466579,66052

http://site.aspx?page=AddressData2&ShowPanel=EID

second link meant to maintain the same cookie / session info that stored in the first link after it was accessed.

I stored the cookie from the first one by:

$cookies    =array(
        $cookies[0]=>$cookies[1],
        "__utma"=>"250300755.603693956.1425821004.1425827777.1425854702.4",
        "__utmb"=>"250300755",
        "__utmc"=>"250300755",
        "__utmz"=>"250300755.1425821004.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)",
        "style"=>"A--"
);
$formattedCookies='';
foreach ($cookies as $key => $value) {
    $formattedCookies.=$key."=".$value."; ";
}
$formattedCookies   .=" path=/; HttpOnly ";

which closely simulate the same cookies you will obtain in the browser's cookie storage.

However, after I access the 2nd link by the same way of the first link

$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER  ,1);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0');
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

// Disable SSL verification
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
// Will return the response, if false it print the response
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

// Set the url
curl_setopt($ch, CURLOPT_URL,$url_search);
// Execute
$result=curl_exec($ch);

and only in additional, for curl call accessing the 2nd link, I add this line under curl_setopt($ch, CURLOPT_HEADER ,1); to set the cookie I made previously,

curl_setopt($ch2, CURLOPT_COOKIE,$formattedCookies);

However, the result is dramatically different.

In the first link, the header result of curl_exec($ch2) looks like:

HTTP/1.1 302 Found
Date: Sun, 08 Mar 2015 23:28:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: site.aspx?page=AddressData2&AddressID=298587,466579,66052
Set-Cookie: ASP.NET_SessionId=grrmvt55muepmsqruxxqwfrl; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 201

HTTP/1.1 200 OK
Date: Sun, 08 Mar 2015 23:28:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=scmi1gvhrw5pwh45nv0hw1j3; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17170

While, in the 2nd link the result is like:

HTTP/1.1 302 Found
Date: Mon, 09 Mar 2015 00:01:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: site.aspx?page=error
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 156

HTTP/1.1 200 OK
Date: Mon, 09 Mar 2015 00:01:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=dssnqq45hytyvy55kl3na455; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16335

As you can see the big difference exist between the Set-Cookie and Location, which in the 2nd link curl result, that Location becomes a error page, while set-cookie is not exist for the first section of the header.

I wonder where did I do wrong?

ey dee ey em
  • 7,991
  • 14
  • 65
  • 121

1 Answers1

2

CURLOPT_COOKIESESSION is not the option to set your request's Cookie: header. CURLOPT_COOKIE is. That said, path=/; HttpOnly should never be a part of it.

Since that second URI expects session cookie to be present in the request and it isn't because you fail to set it, it redirects you to an error message page.

Rather than trying to handle cookies manually, use a single curl handle with CURLOPT_COOKIEJAR option set for both requests.

lafor
  • 12,472
  • 4
  • 32
  • 35
  • But I do not have the session before I access the first page though, I thought cookiejar store a fixed cookie info in a static file prior even I access any page.... I suppose CURLOPT_COOKIE is better in this case? What you think? – ey dee ey em Mar 09 '15 at 01:41
  • Also, I tried to use COOKIE instead of COOKIESESSIOn, but received the same result... What you think one of the cookie that has ".utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)" could that conflict with the = that is already for assign the value to a cookie parameter? – ey dee ey em Mar 09 '15 at 01:45
  • `CURLOPT_COOKIEJAR` does save the cookies in a file on `curl_close()`, but it also makes curl manage cookies (i.e. read response `Set-Cookie:` and set request `Cookie:` headers) automatically. Since in your case the first URI sets the session cookie the second one needs, that's all you want. – lafor Mar 09 '15 at 01:47
  • WOW! it worked :D one quick question... is there way to tell php to do stuff... as if its javascript? Because there is this Show All button in the 2nd link that runs a sort of C# script with javascript... How should I really pass this parameter in this function correctly to php? See http://stackoverflow.com/questions/3591634/how-to-use-dopostback for that javascript function with the button – ey dee ey em Mar 09 '15 at 02:05
  • Well, I guess its extend to some different realm of trouble and will be not fair for you to get one point . Cheers! – ey dee ey em Mar 09 '15 at 02:22