Re: Posting to another server and end up there?

From: John Dalberg (john_dd_at_hotmail.com)
Date: 09/22/04 

Date: Wed, 22 Sep 2004 12:08:55 -0700

On Wed, 22 Sep 2004 17:37:41 +0100, Steven Burn wrote:

>> AFAIK, response.redirect tells the browser to go to a certain url and get
>> it so basically I am starting at the remote login page, which I do not
>> want. What needs to happen is the browser needs to think it already logged
>> in on the other server.
>
> Am I right in thinking, a cookie is set upon successful authorisation?, if
> so, this may be where the problem is as it could quite possibly be a case of
> the cookie being tied to your first (login) domain, instead of the domain
> you are querying/wanting to go to.
>
> If not, what does the second URL usually use? (cookies, sessions etc?)

There are no cookies set. I cleared the cookie file in Firefox, went to the
second url, logged in, closed Firefox, looked at the cookie file and it was
still empty.

The second url uses an interesting authentication scheme. Once you're
logged in using a form post, all the urls in the links in the next page
have what seems to be your own session id in them.
No cookies and no query strings are used. But I also have the a problem
because the urls are relative

So I guess because it's not using cookies or query string, a redirect won't
work because the browser doesn't know who I am.

Although there's another solution where I create a form dynamically and
sent it to the browser along with a form.submit() Javascript, this depends
on Javascipt enabled browser. That's why I wanted to do it in a pure
asp.net way.

John

Relevant Pages

  • Re: Posting to another server and end up there?
    ... > That's why I wanted to do it in a pure asp.net way. ... What needs to happen is the browser needs to think it already ... >> Am I right in thinking, a cookie is set upon successful authorisation?, ... what does the second URL usually use? ...
    (microsoft.public.inetserver.asp.general)
  • Re: Attempt to de-mystify AJAX
    ... "Hyperlinks" always open a new browser window. ... key (cookie) is still there and still contains the original value. ... You can get the cookies from the HTTP_COOKIE CGI environment variable. ...
    (comp.databases.pick)
  • Re: NSA Used Cookies to Track Visitors Web Activities?
    ... Could unwittingly installing a compromised browser open the doors wide to cookie-based intrusions? ... A cookie itself is unlikely to be a virus, but if the browser code is written in C, it is very likely to have arrays that are susceptible to "buffer overrun" Sometimes a clever enough person can use such a bug to cause executable code stored in an allegedly non-executable file to replace code in your browser or operating system. ... an external intruder coming in over an Internet connection, presumably that intruder would have access to the cookies on one's machine. ...
    (comp.sys.mac.system)
  • Re: Cookies from ASP.NET app not persisting even when enabled!
    ... > I'm new to ASP.NET and have been developing a small app at work to test ... > and the authorization cookie is saved as expected on the local machine. ... any browser OTHER THAN the one on the development ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Great SWT Program
    ... Every browser I've ever ... server when requesting any URLs from that server. ... doesn't send the cookie. ... every so often nail the ones that got by adblock, ...
    (comp.lang.java.programmer)