On 05/03/07, Dan Bezdek <[EMAIL PROTECTED]> wrote:
Well, for one thing, there are 3 sites that I want to login, and I can easily do it on all 3 sites using their login form and Post method. So, I have no problem authenticating on all 3 sites. However, there must be some common way of knowing that you've been logged in without having to do something site specific (for example, I can go through the response body and find a string that indicates that I have been authenticated. However, then I have to customize the solution for each site and I don't see this being a good solution).
There is no standard way of indicating login success. The server application writer can do whatever they like. However, there are some common methods that servers and applications use to keep track of the login state. For example: * cookies * hidden fields * URL rewriting See http://en.wikipedia.org/wiki/HTTP_cookiehttp://en.wikipedia.org/wiki/HTTP_cookie for some details You may find that the 3 servers all use the same method. Or you may find that the 3 servers all use the same or similar responses to report login failure. You will have to investigate.
Also, it seems that I can't depend on the response code. For example on many sites, even if I fail the authentication, they still send me a 200 response code. If the authentication fails, shouldn't the site give me a response that indicated the authentication has failed? By the way, I don't have any control over those sites that I am trying to authenticate to; so, I can't change the behavior of the server.
Response 200 just means that the server was able to return a page successfully. The HTTP response codes do not say anything about the content. There are some forms of authentication for which you can use the response code - e.g. Basic, NTLM - these are handled by the server before it returns any data, so for these you do get a non-200 response code. But in this case the servers are not using that form of authentication.
Thanks, Dan sebb <[EMAIL PROTECTED]> wrote: This totally depends on how the site is coded. One approach is to try and access a page that is protected by the login and see what happens. But again, how you detect whether access has been granted depends on how the site is coded. Try with a browser an see what happens. On 05/03/07, Dan Bezdek wrote: > Hi Everyone, > > I am new to HttpClient, and I can't find any source on the proper way of authenticating when I am trying to login to a site that has a login form. > > Basically, I can login using post method, but I can't find any source that tells me what response code should be returned in order for me to be sure that the authentication has succeeded. I don't really care what the server does after authentication (for exampale if I get redirected or not), all I want to know is that I am logged in. Someone suggested that the standard way is to use the Head method first to make sure authentication would succeed. In any case, could someone please tell me what the common way of doing the authentication is? I don't need details, just a step-by-step outline of what to do and what response code I should expect. > > I really appreciate your help. > > Thanks, > Dan Bezdek > > > --------------------------------- > Never miss an email again! > Yahoo! Toolbar alerts you the instant new Mail arrives. Check it out. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------- Be a PS3 game guru. Get your game face on with the latest PS3 news and previews at Yahoo! Games.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
