python requests login authentication

Question

I'm having trouble logging into my account on this site using python requests. The login page is www.utahrealestate.com/auth/login. The login credentials post goes to www.utahrealestate.com/auth/authenticate.

This is the procedure with which I attempt to login (r is a requests session):

>>> login = r.post('http://www.utahrealestate.com/auth/authenticate', data={'login':'my_login','pass':'my_password'}) 
>>> login.text
u'{"error":"Username or password was invalid.  Please try again or click on \\"Reset it\\" above to reset your password."}'

I know the login credentials are correct. I also know that the fields are named login and pass except that the page generates some combination of digits and appends that to each field name, but it only does so when I inspect the element in my browser. In my terminal those fields are simply named login and pass.

Using requests and BeautifulSoup, here is the login element in my terminal:

<input id="login" name="login" tabindex="1" type="text"/>

Here it is when inspecting element in browser:

<input id="login" type="text" tabindex="1" name="login_666832525">

The password element is similarly constructed, except it is named: "pass" with the same combination of digits as the login field appended to the end. There don't seem to be any hidden fields in the form. The digits following the field name (login_###, or pass_###) seem to change every time I refresh the page in my browser, but it's not present when I get the contents using requests in my terminal.

I'm assuming that my login troubles stem from my not being able to reproduce the digits from the field names. So, I've tried changing my "User-Agent" value in the requests.get header to mirror the one from my browser but that didn't seem to reproduce the numbered field names. Is it associated with some kind of session cookie? Perhaps the PHPSESSIONID cookie that I see? Or does this have nothing to do with field names?

EDIT:

I found a post request which automatically gets sent after the get request for the login page (posts to auth/login.form/). The response to this post request provides the numbers which are appended to the field names. However, even after passing in the string of digits to the field names, I am still not able to get on.

form_id = u'418622340'
loginauth_post = r.post('http://www.utahrealestate.com/auth/authenticate/', headers=authpost_header, data={'login_'+form_id: 'my_login', 'pass_'+form_id: 'my_pass'})

Answer 1

I was able to work it out. Apparently I needed to get the login page, then send an initial post request to auth/login.form/ using the cookie provided by getting the login page. That responds with the id number that needs to be appended to the field names. Then, send a post request to auth/authenticate using the same cookie. The trick seems to have been including 'X-NewRelic-ID' and 'X-Requested-With' parameters in the header.

Answer 2

试着写：

data = urllib.urlencode({'login':'my_login','pass':'my_password'})