[英]Cookie authentication with Python requests
I am trying to mimic a user action on a site programmatically using Python requests
API. 我试图使用Python requests
API以编程方式模仿网站上的用户操作。 to accomplish this programmatically the request must have user/pass authentication and also should pass few NVPs as Cookies in Header. 要以编程方式完成此请求,请求必须具有用户/通过身份验证,并且还应将少量NVP作为标头中的Cookie传递。 To get the NVPs I initially make a dummy request and the server returns me the cookies. 为了获得NVP,我最初做出一个虚拟请求,服务器返回我的cookie。 I acquire the required values from these cookies and use this to send the actual request. 我从这些cookie中获取所需的值,并使用它来发送实际请求。 But the request doesn't succeeds and server complains I am not logged in. But if I use the cookie value from my browser the request succeeds. 但是请求没有成功,服务器抱怨我没有登录。但是如果我使用浏览器中的cookie值请求成功。
The the dummy request to programmatically acquire JSESSIONID,glide_user and glide_user_session params in cookie is 以编程方式获取cookie中的JSESSIONID,glide_user和glide_user_session params的虚拟请求是
response = requests.get('http://example.com/make_dummy_get',auth=('username','pasword'))
cookie_params = response.cookies.items()
below is the actual request 以下是实际要求
headers = {
'Host': 'example.com'
,'Connection': 'keep-alive'
,'Content-Length': 113
,'Cache-Control': 'max-age=0'
,'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8'
,'Origin': 'example.com'
,'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36'
,'Content-Type': 'application/x-www-form-urlencoded'
,'Referer': 'www.example.com/asdas/'
,'Accept-Encoding': 'gzip,deflate,sdch'
,'Accept-Language': 'en-US,en;q=0.8'
,'Cookie': 'JSESSIONID=B6F7371A11825472CAB0366A4DCDD8EFB; glide_user="SC:Z3Vlc3Q=:b890b38b7f000001121dbe81a08c413ca5"; glide_user_session="SC:Z3Vlc3Q=:b890b38b7f000001121dbe81a08c413ca5"'
}
form_data = {
'param1': 'value1'
,'param2': 'value2'
,'param3': 'value3'
}
res = requests.post('http://example.com/make_post_request',auth=('username','pasword'),data=form_data,headers = headers)
It seems to me that the session created by my dummy request for some reason is getting closed and Hence the second request is rejected and html response says I must login to access the requested resource. 在我看来,我的虚拟请求由于某种原因创建的会话正在关闭,因此第二个请求被拒绝,html响应说我必须登录才能访问所请求的资源。
I did the same exercise with Java apache's HttpClient and ended with the same issue.What am I missing here to make the request succeed without any login or authentication issues? 我使用Java apache的HttpClient进行了相同的练习并以相同的问题结束。我在这里缺少什么来使请求成功而没有任何登录或身份验证问题?
First you should be using a Session
object from requests. 首先,您应该使用来自请求的Session
对象。 This will manage cookies (and prepare them for you) so you do not have to create the cookie header for yourself. 这将管理cookie(并为您准备),因此您不必为自己创建cookie标头。
s = requests.Session()
s.get('http://example.com/make_dummy_get',auth=('username','pasword'))
print(s.cookies)
Next I have to strongly advise you to stop setting the following headers: 接下来我强烈建议您停止设置以下标题:
Host
Content-Length
Content-Type
Cookie
All four of those headers will be generated by requests
for you. 所有这四个标题都将由您的requests
生成。 The Cookie
header will be generated using the CookieJar
that the Session
uses. Cookie
标头将使用Session
使用的CookieJar
生成。 The Content-Length
and Content-Type
will be computed while requests
prepares the body. 在requests
准备正文时,将计算Content-Length
和Content-Type
。
Also, if you're trying to use cookies to authenticate, the server is likely becoming confused because you're also passing auth=('username', 'password')
in your second request. 此外,如果您尝试使用cookie进行身份验证,则服务器可能会变得混乱,因为您还在第二个请求中传递了auth=('username', 'password')
。 That's generating an authorization header so you're both sending a Cookie
header and an Authorization
header. 这将生成一个授权标头,因此您既可以发送Cookie
标头,也可以发送Authorization
标头。 The server sees this as suspicious most likely and rightly refuses to accept your request as authenicated. 服务器最有可能认为这是可疑的,并且正确拒绝接受您的身份验证请求。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.