Indy HTTP 客户端:类似于 Web 浏览器中的会话

发布于 2024-09-17 19:04:54 字数 543 浏览 9 评论 0原文

我正在制作一个在网站上注册的程序。
为此,我使用 C++Builder 和 Indy (TIdHTTP)。

工作原理:

  • 程序通过GET方式接收注册页面,并从中提取验证码图片地址;
  • 下载验证码 (GET) 并将其提供给用户;
  • 将用户提供的数据通过 POST 请求发送到网站。

问题:验证码总是不正确。这一定是因为在这三个对网站的调用之间,验证码挑战发生了变化。

为了防止这种情况,这些请求必须以某种方式连接
所以我认为,这里需要某种 会话 支持......

请告诉我如何在 Delphi 或 C++Builder 中实现这一点

编辑:

我发现会话 ID 存储在 cookie 中,这要归功于 跑步者

I'm making a program for registration on a website.
For this, I use C++Builder and Indy (TIdHTTP).

How it works:

  • Program receives registration page via GET and extracts CAPTCHA picture address from it;
  • downloads the CAPTCHA (GET) and serves it to user;
  • sends the data provided by user to the website in POST request.

Problem: The CAPTCHA code is always incorrect. This must be because somewhere between these three calls to website the CAPTCHA challenge changes.

To prevent this, these requests have to be connected somehow
So I think, some kind of sessions support is needed here...

Please tell me how this can be achieved, in Delphi or C++Builder

EDIT:

I found out that Session ID is stored in a cookie thanks to Runner

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

南七夏 2024-09-24 19:04:54

对我来说顺序似乎是正确的。只需检查在发回验证码答案时,您是否提供了 ID 来判断该验证码是哪一个。

对我来说,听起来您的 POST 未被识别为特定请求。换句话说,您可能没有将响应与特定用户相关联。当您第一次调用 GET 并从服务器获取验证码时,服务器必须为您提供返回的验证码的唯一 ID。这可以是一个唯一的 URL、一个 cookie、嵌入在返回的 HTML 中的字段等...

这是我根据您的描述猜测的。

编辑:

我有更多信息。很明显它是一个PHP服务器。从“BlaXpirit”提供的页面:

访问您网站的访问者是
分配了一个唯一的id,即所谓的
会话 ID。这要么存储在
用户端的cookie或者是
在 URL 中传播。

因此,如果 ID 位于 cookie 中,那么我猜您不会发回 cookie。你是这里的中间人,事情是这样的。

  1. 您向验证码服务器发出 GET 请求。
  2. 您收到包含 cookie 的响应
  3. 您将验证码发送回客户端,但不发送 cookie。

您应该将 cookie 发送到客户端,然后返回验证码服务器,或者拥有自己的会话管理,存储验证码 cookie,在客户端发送响应时识别客户端,并将 cookie 与响应一起发送回验证码服务器。

To me sequence seems correct. Just check that when posting the CAPTCHA answer back, you provide the ID to tell which CAPTCHA that is.

To me it sounds like your POST is not recognized as a specific request. In other words you are probably not assocating the response with the specific user. When you first call GET and get the CAPTCHA back from the server, the server must provide you with the unique ID for the returned CAPTCHA. This can be a unique URL, a cookie, a field embeded in the HTML returned etc...

That is my guess from your description.

EDIT:

I have more info. It is obviously a PHP server. From the page provided by "BlaXpirit":

A visitor accessing your web site is
assigned a unique id, the so-called
session id. This is either stored in a
cookie on the user side or is
propagated in the URL.

So, if the ID is in the cookie, then I guess you are not sending the cookie back. You are the middle man here, It goes like this.

  1. You make a GET to the CAPTCHA server.
  2. You get back the response that contains the cookie
  3. You send the CAPTCHA back to the client, but do not send the cookie.

You should send the cookie to the client and then back to the CAPTCHA server, or have your own session management, store the CAPTCHA cookie, identify the client when he/she sends the response and send the cookie with the response back to the CAPTCHA server.

心的憧憬 2024-09-24 19:04:54

如果服务器通过 cookie 发送 PHP 会话 ID,请确保您使用的是最新版本的 Indy。 Indy 10 的 cookie 处理已经被破坏了一段时间,但我最近检查了 Indy cookie 管理的新代码来解决很多问题。

如果服务器在注册表单的隐藏字段中发送 PHP 会话 ID,那么您需要确保在发回的 POST 数据中包含该 ID。

If the PHP session ID is being sent by the server in a cookie, then make sure you are using an up-to-date version of Indy. Indy 10's cookie handling has been broken for awhile, but I recently checked in new code for Indy's cookie management to address a lot of issues.

If the PHP session ID is being sent by the server in a hidden field of the registration form, then you need to make sure you are including the ID in the POST data you send back.

半夏半凉 2024-09-24 19:04:54

使用 IdCookieHandler 并将其链接到 IdHTTP 对象。然后所有 cookie/会话管理工作将由 Indy 自动完成

如果您想使用真正的会话支持和网络自动化(包括注册),这是最快速、最干净的解决方案。

Use a IdCookieHandler and link it to the IdHTTP Object. Then all the cookie / session management stuff will automatically done by Indy.

This is the fast and cleanest solution if you want to work with real session support and web automation including signups.

酒绊 2024-09-24 19:04:54

让我猜一下,嗯...我打赌你注册了雅虎:) 不管怎样,对于大多数流行的邮件提供商来说,这并不是那么容易,有一些 JavaScript 可以防止自动注册。这些脚本可以动态生成 cookie 或 POST 字段。

Let me to guess, hmm... I bet you register Yahoo :) Anyway with most popular mail providers it isn't so easy, there are some javascripts that protect from automatic signups. These scripts can generate cookies or POST fields dynamically.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文