HTTP web request doesn't maintain session - c#

I have a program where I want to scrap some useful study material for personal use.
This site maintain a session key and some other key also.
If I tried to go to a nested page then it will end the session.
I'm unable to maintain session key using a web request class.
How can I maintain a session using a web request class?
Please help.

You need to maintain the CookiesCollection across your requests.
var request = (HttpWebRequest)HttpWebRequest.Create("http://www.mysite.com/");
var cookies = new CookieContainer();
//Pass the collection along with each request to maintain session
request.CookieContainer = cookies;
When you get the response back, your container will automatically contain the set of cookies associated with it. You can then reuse that container with subsequent requests.

Essentially you will want to read the session cookie from the response header and pass it back in the header with every request you issue. There may be more to it depending on the application you are targeting.

Got a similar problem when embedding a Page in an iFrame. Solution is, for security purposes sessions get discarded by browsers (mainly IE8). Maybe this is a splution? Google for P3P to get more info.
-sa

Related

How to Use Multiple Cookies with same name

Similar:
Multiple cookies with same name
How to handle multiple cookies with the same name?
I am setting a cookie on the page load of my asp control. I have a function gets the cookie and stores it in a var to be used. My question is, after reading the msdn site on cookies, is should I get the cookie from the Request or the Response and then set value of the other? Or should I get the cookie from the Response and set it's value? The last one doesn't seem quite right but I don't know.
MSDN text:
The browser is responsible for managing cookies on a user system. Cookies are sent to the browser via the HttpResponse object that exposes a collection called Cookies. You can access the HttpResponse object as the Response property of your Page class. Any cookies that you want to send to the browser must be added to this collection. When creating a cookie, you specify a Name and Value. Each cookie must have a unique name so that it can be identified later when reading it from the browser. Because cookies are stored by name, naming two cookies the same will cause one to be overwritten.
I assumed that I should get it from the request and set the response cookie, that doesn't seem to be quite right because I have ended up with double cookies with different values. The cookie I am worried about is TRACKINGINFO. It is set on a different sub domain and I need to pick up the value and just add to it and re-set the value.
Here is the request headers from Google Chrome:
ASP.NET_SessionId=bi2ingjjk5f4nhm; referer_domain=dev-znode.local; referer_query=; TRACKINGINFO=1234%2C526%2C1234%2C526; __utma=251778844.1427755012.1389292549.1389292549.1389292549.1; __utmb=251778844.16.10.1389292549; __utmc=251778844; __utmz=251778844.1389292549.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ZNodeCookie; LocaleID=43; TRACKINGINFO=1234%2C526%2C1234%2C526,2508
Request headers:
TRACKINGINFO=1234%2C526%2C1234%2C526,2500; expires=Fri, 10-Jan-2014 19:21:53 GMT; path=/
Yes, you should get cookies from request and set them on response.
There is magic code in HttpResponse that clones new cookies to request (and in your case probably does it in some way you don't expect) so developers can somewhat randomly pick where to read cookies from on server.
It may be cleaner to read cookies early in request lifetime (before any cookies set on response) and set cookies on response late (but not too late as it have to happen before first portion of response body flushed to client).

Reusing session cookie in HttpClient calls

I have a Web API 2 project using cookie-based sessions for our internal use. I have /api/login and /api/logout actions created and it works fine using a browser to access it.
I'm now trying to create a C# client to communicate with the API by using HttpClient. I can log in fine using:
Uri loginUri = new Uri("http://localhost/api", "login");
HttpResponseMessage response = _http.PostAsJsonAsync(loginUri, loginModel).Result;
And I can get the session id string from the cookie by
var cookies = _httpHandler.CookieContainer.GetCookies(uri);
if (cookies["session_id"] != null)
sessionID = cookies["session_id"].Value;
My question is: for every subsequent request including the logout request, how do I include the session_id cookie in the request header? I would like to reuse the HttpClient object for the duration of the session if possible. I saw this question and answer, but it's for calling login, performing the operation, and logout in the same request.
Thanks!
I ended up going back and used the same FormsAuthentication methods I used in my MVC project. So after calling my custom MembershipProvider, I used FormsAuthentication methods to set and keep track of my session cookies. I called FormsAuthentication.SetAuthCookie() to log in and FormsAuthentication.SignOut() to log out.

Cookie timing question

When I add a cookie through Response.cookies.add(cookie); My cookie will not be placed on the clients side until the client requests a page from my site. At the time of request .net will do some magic, place the cookie in the response and the client will store it. Is this true? If the above assumption is true I should be able to see unplaced cookies by cookie = response.cookies("foo"). Seems logical, but is it correct?
To sum it up.
I am placing a cookie, then later in the code before the request is served I am checking if the cookie is in the request.cookies("foo") if it is not I am checking the response.cookies("foo"). This method does not work. How would i go about reading a cookie before it is sent to the client side.
The actual question I need answered; Is there a way to view a cookies information before I send it to the browser? Something along the lines of check if cookie is on browser if not do some other check to see if it is waiting to be sent.If it is waiting to be sent read data on it
thank you very much.
If I understood the question correctly then you want to add a cookie to HttpResponse at some point after receiving a request from a client. Then at a later point of processing the request you want to access the same cookie again.
This quote might help you:
"After you add a cookie by using the HttpResponse.Cookies collection, the cookie is immediately available in the HttpRequest.Cookies collection, even if the response has not been sent to the client."
(from http://msdn.microsoft.com/en-us/library/system.web.httpresponse.cookies.aspx)
I suggest you to process the cookie only at one point during the response. Thus you can check if it's available in HttpRequest, and if not then add it to HttpResponse and invoke your additional logic.

No Cookies at second Webrequest

I login to a website by HTTPwebrequest, I get an authentication cookie.
When I make a new HTTP-webrequest and add the cookies from the first request to call the next page where I can see my personal data. I see that the cookies will associated with the second request if I debug it but if I check the network traffic I see that are no Cookies transmitted at the second request. I tried many possibilities to see why I don't work but I found nothing.
Does anyone know a solution?

if cookies are disabled, does asp.net store the cookie as a session cookie instead or not?

basically, if cookeis are disabled on the client, im wondering if this...
dim newCookie = New HttpCookie("cookieName", "cookieValue")
newCookie.Expires = DateTime.Now.AddDays(1)
response.cookies.add(newCookie)
notice i set a date, so it should be stored on disk, if cookies are disabled does asp.net automatically store this cookie as a session cookie (which is a cookie that lasts in browser memory until the user closes the browser, if i am not mistaken).... OR does asp.net not add the cookie at all (anywhere) in which case i would have to re-add the cookie to the collection without the date (which stores as a session cookie)... of course, this would require me doing the addition of a cookie twice... perhaps the second time unnecessarily if it is being stored in browsers memory anyway... im just trying not to store it twice as it's just bad code!! any ideas if i need to write another line or not? (which would be)...
response.cookies.add(New HttpCookie("cookieName", "cookieValue") ' session cookie in client browser memory
thanks guys
This MSDN article seems to indicate that there is no built in mechanism for compensating with the user disabling cookies. It also indicates that session state does not work without at least some level of cookies being enabled.
I thought that there was a mechanism for passing a query variable for the session id but skimming the article (quickly) I did not see this.
Hope that helps.
EDIT: It does say that you can use cookieless sessions (I thought you could). They use a separate mechanism to embed session ID in the pages and url links.
To follow up on GrayWizardx's reply, much of what was said is completely accurate.
If you are using a Cookie'd version of Session, and cookies are disabled then you are out of luck. But you have the option to have a cookieless version of the Session, which adds a string to the URL that shows the users session id. This is very ugly looking, and has always concerned me from a security perspective.
So you have three options (that I can think of off the top of my head):
1. Require cookies. This is not a bad thing, especially if your site is one that would have requiring cookies as normal.
2. Use ViewState.
3. Pass information from page to page within the URL. This, again worries me from a security perspective.

Categories

Resources