Cookies and PHP
June 1, 2007 10:51 AM

How do I return cookies while requesting a page using PHP?

I'm trying to build a PHP script that will submit a form using a web interface. The form is behind a login page, so I submit the login information. I get back one cookie that says JSESSIONID=; Path=/fasthome and another cookie that says _COOKIE=null; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/

I've tried to guess at the format for submitting these cookies in the header of my next http request, but I keep getting redirected back to the login page.

Here's what I currently have for the header:
Accept-language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)
=null; Expires=Thu, 01-Jan-1970 00:00:10 GMT;

Someone suggested using CURL to me but my version of PHP was not compiled with it.

Any ideas on how to make this work?
posted by teaperson to Computers & Internet (9 answers total) 1 user marked this as a favorite
Response by poster: Oops, Metafilter didn't like my brackets. There's a hash value in both places after the JSESSIONID and the second cookie is APPNAME_COOKIE=null
posted by teaperson at 11:03 AM on June 1, 2007

Are you sure you're not getting dumped because the session ID is no longer valid, or is coming from a separate IP and likewise invalid?

If you're sure it's the formatting, try it in a black box: have your PHP script submit to its own server, and have the result page try to read the cookie back.
posted by mkultra at 11:40 AM on June 1, 2007

Do you have other cookie based pages working on the same server? Have you examined your php.ini file? One of the gotchas in PHP5 is that it has register_globals off as a default (which can dump a session as stated above). If the site was written for an older PHP that could be one area to look. (However, it would be best to have the code re-written to not use globals as they are in many cases a security risk).

That's about as far as my experience goes with this type of error, hope it helps until a more seasoned PHP developer chimes in.
posted by samsara at 12:02 PM on June 1, 2007

If you're unsure of the format, you could download ethereal and watch what a regular browser sends and then match that.
posted by sanko at 12:24 PM on June 1, 2007

Even if your php doesn't have curl, if you're running on a unix host there's a good chance that curl is accessible from the command line. I'd investigate that as this is pretty much what curl is for.
posted by Skorgu at 1:42 PM on June 1, 2007

Snoopy is a PHP class that simulates a web browser, designed for exactly this kind of this. It can handle the correct cookie headers for you.
posted by scottreynen at 2:00 PM on June 1, 2007 [1 favorite]

This kind of thing, that is.
posted by scottreynen at 2:13 PM on June 1, 2007

If the cookie says JSESSIONID, there's a high chance you're dealing with a Tomcat application, and its built-in security. This goes to great lengths to ensure nobody is fucking about with it, including checking the referrer comes from a particular URL on its list of approved URLs. You could try faking it, but it's hard.
posted by bonaldi at 3:33 PM on June 1, 2007

Best answer: IIRC, this varies with the method you're using to make the request. CURL makes it easier, but it's not too hard without. Look into the ini_set and stream_context_create functions.

An example, slightly obfuscated, from some of my own code that uses the file method to make the request:
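// User-Agent sent by PHP's HTTP stream wrapper
ini_set('user_agent', 'Lynx/2.7 libwww-FM/2.14');
// Cookies go back as name=value pairs only, separated by "; "
$cookies = "_STATE=WAL; _VENUES=429625%2C29873%2C624016";
// $referer and $base_url are set elsewhere; their values are not shown in the post
$opts = array(
    'http' => array(   // HTTP options must sit under the 'http' wrapper key
        'header' => "Accept-language: en\r\n" .
            "Referer: " . $referer . "\r\n" .
            "Cookie: " . $cookies . "\r\n"
    )
);
$context = stream_context_create($opts);
// Second argument of file() is an integer flags value; 0 means no flags
$result = file($base_url, 0, $context);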
As bonaldi says, it looks like a Tomcat app and they can be tricky...
posted by Pinback at 2:07 AM on June 2, 2007
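
An added example, not code from any poster in this thread: it builds the Cookie request header from a login response's Set-Cookie lines, sending back only name=value and dropping a cookie whose Expires date is in the past (as with the 1970 date in the question). The function names, sample headers and session value are constructed, and a Set-Cookie line without a Path is assumed to apply to /.

```php
<?php
// Constructed sample login response; the JSESSIONID value is a placeholder.
$sampleHeaders = array(
    'HTTP/1.1 302 Found',
    'Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/fasthome',
    'Set-Cookie: APPNAME_COOKIE=null; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/',
);

// Simplified path match: exact, or a prefix that ends on a "/" boundary.
function path_matches(string $cookiePath, string $requestPath): bool
{
    return $cookiePath === $requestPath
        || (strpos($requestPath, $cookiePath) === 0
            && (substr($cookiePath, -1) === '/' || $requestPath[strlen($cookiePath)] === '/'));
}

// Turn Set-Cookie response lines into the value of one Cookie request header.
function cookie_header(array $responseHeaders, string $requestPath): string
{
    $jar = array();
    foreach ($responseHeaders as $line) {
        if (stripos($line, 'Set-Cookie:') !== 0) {
            continue;                            // status line or other header
        }
        $attrs = array_map('trim', explode(';', substr($line, strlen('Set-Cookie:'))));
        $pair = explode('=', array_shift($attrs), 2);
        if (count($pair) !== 2 || $pair[0] === '') {
            continue;                            // malformed cookie, ignore it
        }
        $path = '/';                             // assumed default when Path is absent
        $expires = false;
        foreach ($attrs as $attr) {
            $kv = explode('=', $attr, 2);
            if (count($kv) === 2 && strtolower($kv[0]) === 'path') {
                $path = $kv[1];
            } elseif (count($kv) === 2 && strtolower($kv[0]) === 'expires') {
                $expires = strtotime($kv[1]);    // false if the date cannot be parsed
            }
        }
        if ($expires !== false && $expires <= time()) {
            unset($jar[$pair[0]]);               // past Expires means "delete this cookie"
        } elseif (path_matches($path, $requestPath)) {
            $jar[$pair[0]] = $pair[0] . '=' . $pair[1];   // name=value only, no attributes
        }
    }
    return implode('; ', $jar);
}

echo "Cookie: " . cookie_header($sampleHeaders, '/fasthome/form') . "\r\n";
```

With PHP's http:// stream wrapper, the header lines of the most recent response are available in $http_response_header and can be passed to the function in place of the sample array.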
