为发布请求模拟xhr

Question

I'm trying to send a post request via python, but it goes through badly.

I want my code to approve my selected seats and continue to payment.

I took this url,data and token from the post request after putting the selected cinema place time and seats.

import urllib.parse, urllib.request 

url = "https://tickets.yesplanet.co.il/YPR/SelectSeatPageRes.aspx/SetSelectedSeats?ec=10725013018-246564"


data = urllib.parse.urlencode(dict(
seats = "11,19#11,20#11,21#11,22",
token ="246564#5#1"
))


res = urllib.request.urlopen(url, data.encode("utf8"))


print (res.read())

the link has an expiration but this is the result:

Session Ended It appears that the session has ended before you were able to complete your purchase.

a link to the main site : https://www.yesplanet.co.il

how do i know if my request is complete?

for your convince info from the headers and response tabs from the development tool:

response headers:

Cache-Control:private, max-age=0
Content-Length:170
Content-Type:application/json; charset=utf-8
Date:Tue, 30 Jan 2018 01:27:26 GMT
P3P:CP="NOI ADM DEV COM NAV OUR STP"
Server:Microsoft-IIS/8.5
X-AspNet-Version:4.0.30319
X-Powered-By:ASP.NET

request headers:

**Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip, deflate, br
Accept-Language:he-IL,he;q=0.9,en-US;q=0.8,en;q=0.7
Connection:keep-alive
Content-Length:44
Content-Type:application/json; charset=UTF-8
Cookie:ASP.NET_SessionId=p4citijvw3vrqxuoekqnlrhw; _ga=GA1.3.525452416.1517275557; _gid=GA1.3.1168599094.1517275557; _gat_tealium_0=1; utag_main=v_id:016144aba503001d7d72fa299b0904072001c06a00868$_sn:1$_ss:0$_st:1517277365866$ses_id:1517275555076%3Bexp-session$_pn:2%3Bexp-session; hfOIKey=CXCFcTD1; SS#246564#5#1=; SS%23246564%235%231=17%2C12%2317%2C13; hfSKey=%7C%7C%7C%7C%7C%7C%7C%7C%7C1072_res%7C10725013018-246564%7C20
Host:tickets.yesplanet.co.il
Origin:https://tickets.yesplanet.co.il
Referer:https://tickets.yesplanet.co.il/YPR/SelectSeatPageRes.aspx?dtticks=636528796178961691&cf=1004&ec=10725013018-246564
User-Agent:Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36
X-Requested-With:XMLHttpRequest**

request payload

{seats: "16,10#16,11", token: "246564#5#1"}
seats
:
"16,10#16,11"
token
:
"246564#5#1"

and the response tab:

{"d":"{\"ReturnCode\":0,\"Message\":null,\"Redirect\":\"/YPR/OrderFormPageRes.aspx?dtticks=636528796470870119\\u0026cf=1005\\u0026ec=10725013018-246564\",\"Data\":null}"}

Answer 1

The cookie header is the key. When you send a request from xhr (aka your browser), relevant cookies are automatically appended to your request.

These cookies are how sessions are usually managed, and the response message indicates that the server did not find a valid session cookie in your request.

You will need to "authorize", via logging in or otherwise beginning this session, and then insert that session cookie into your request before sending it.

After rereading, the token header is most likely not static either. My guess would be that this is engineered to prevent automated requests, and so may be difficult to circumvent.

Update in response to OP comment:

Use cookiejar or just read the urllib docs and figure out how to extract and then insert cookies.

how to send cookies inside post request

You will need to study the website's behavior in your developer tools and see which request triggers a session cookie update, and then simulate that request before you simulate your post request.

You've been provided three answers. Mark the question as correct and post another, more specific if you still have trouble.