Problems with xmlHttpRequest + cookies + redirect

I am trying to login to a web service using xmlHttpRequest.

The web service in question seems to authenticate using cookies. After analyzing communication with IE browser, I concluded that the sequence is basically the following:

(1) server sends a form requesting username and password.

(2) client sends a POST request containing username and password typed.

(3) server sends a redirect message (HTTP 302) to the same URL with a "Set-Cookie" header containing the session ID

(4) client re-sends the same URL containing the cookie received from the server in redirect message.

(5) server receives session ID and concludes authentication.

I tried to emulate the same sequence using xmlHttpRequest in JavaScript. However, I found a problem.

It seems that xmlHttpRequest does not redirects cookies. I other words, (4) is not happening and authentication is not completed.

To make the problem worse, xmlHttpRequest does not seem to detect redirect events (it this was possible, I could at least set Cookie header before re-sending request). The onreadystatechange() function is called only after all re-direction process is completed.

So, I don't have any solution in mind to resolve this problem and complete authentication.

Also, as it is related a "public" web service, I am not able to change anything in the server side.

Any idea?


As far as I know you can't use xmlHttpRequest to query a url of a server different to the server you are connected to. ¿Could you do it?

In explanation if the page with the javascript code is in yourdomain.com you can't use xmlHttpRequest to call a web service in example.com.


With the previous comments I understood better the situation.

Steps (4) and (5) are only to redirect you to the main page, the real autentication ends in (3), once you get the cookies (using getheaders for example) you are logged in. Then for every new request you do with the correct cookies the website will see you as the logged in user.

Are you trying to automate a query to the site? Or just automate the login process?

链接地址: http://www.djcxy.com/p/3792.html

上一篇: 在AIR中禁用HTTP摘要身份验证窗口

下一篇: xmlHttpRequest + cookies +重定向问题