HttpPost:没有“Set-Cookie”标头
我想获取网站的会话cookie。不幸的是,“Set-Cookie”标头没有显示。
这是我写的代码: “commands”是一个 String[][] ,整个代码由 try/catch 包装。
CookieStore cookieStore = new BasicCookieStore();
HttpContext localContext = new BasicHttpContext();
localContext.setAttribute(ClientContext.COOKIE_STORE,cookieStore);
HttpPost httppost = new HttpPost(url);
List<NameValuePair> nvps = new ArrayList<NameValuePair>(0);
for (int i=0;i<commands.length;++i)
nvps.add(new BasicNameValuePair(commands[i][0],commands[i][1]));
httppost.setEntity(new UrlEncodedFormEntity(nvps,HTTP.UTF_8));
HttpResponse response = httpclient.execute(httppost);
HttpEntity entity = response.getEntity();
Header[] headers = response.getAllHeaders();
List<Cookie> cookies = cookieStore.getCookies();
String data = EntityUtils.toString(entity);
我对Http通信的理解告诉我应该有一个“Set-Cookie”标头。我从response.getAllHeaders()获得的唯一标头是Connection:close、X-Powered-By:PHP/4.3.4和Content-Type:text/html
返回的数据中包含一些javascript(response.getEntity ())。
<script language = "javascript">
<!--
location.href="/index.php";
function SetCookie(name,value,expire,path){
document.cookie = name + "=" + escape(value) + ((path == null) ? "":(";path="+path))
}
var iad = 461180104
SetCookie("iad",iad,0,"/")
-->
</script>
据我了解,这段代码永远不会被执行,因为它只是一条注释?! 但这也可能是应该创建 cookie 的地方。
有什么想法吗?
更新: “Opera Mobile”是我发现的唯一一个在该网站上没有 cookie 问题的 Android 浏览器。 “Opera Mini”、“Dolphin HD”和 Froyo Stock 浏览器都失败。桌面浏览器没有连接问题。这是一个 webkit 问题吗?如果是这种情况:如何避免?
I want to get the session cookie of a website. Unfortunately the "Set-Cookie"-Header doesn't show up.
Here's the code I've written:
"commands" is a String[][] and the whole code is wrapped by try/catch.
CookieStore cookieStore = new BasicCookieStore();
HttpContext localContext = new BasicHttpContext();
localContext.setAttribute(ClientContext.COOKIE_STORE,cookieStore);
HttpPost httppost = new HttpPost(url);
List<NameValuePair> nvps = new ArrayList<NameValuePair>(0);
for (int i=0;i<commands.length;++i)
nvps.add(new BasicNameValuePair(commands[i][0],commands[i][1]));
httppost.setEntity(new UrlEncodedFormEntity(nvps,HTTP.UTF_8));
HttpResponse response = httpclient.execute(httppost);
HttpEntity entity = response.getEntity();
Header[] headers = response.getAllHeaders();
List<Cookie> cookies = cookieStore.getCookies();
String data = EntityUtils.toString(entity);
My understanding of Http Communication tells me that there should be a "Set-Cookie" Header. The only Headers I get from response.getAllHeaders() are Connection:close, X-Powered-By:PHP/4.3.4 and Content-Type:text/html
There is a bit of javascript included in the returned data (response.getEntity()).
<script language = "javascript">
<!--
location.href="/index.php";
function SetCookie(name,value,expire,path){
document.cookie = name + "=" + escape(value) + ((path == null) ? "":(";path="+path))
}
var iad = 461180104
SetCookie("iad",iad,0,"/")
-->
</script>
As far as I understand this, this code is never executed because it's just a comment ?!
But as well this is probably the bit where the cookie should be created.
Any ideas?
UPDATE:
"Opera Mobile" is the only browser for Android I found which has no problem with cookies on this site. "Opera Mini", "Dolphin HD" and the Froyo Stock browser all fail. No Desktop browser has problems connecting. Is this a webkit issue? And if this is the case: how to avoid it?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
使用 Chrome 的开发人员工具或 Firebug,检查 HTTP 响应中 Set-Cookie 标头字段中的“expires”参数。确保手机上的时间/日期设置正确。如果浏览器认为cookie已经过期,则不会存储它。
如果这不起作用,请尝试使用wireshark / tshark从客户端获取通信痕迹,并将其与按您期望的方式工作的浏览器进行比较。
顺便说一句,围绕那段 Javascript 的注释分隔符不会阻止脚本运行;而是会阻止脚本运行。它们只是阻止较旧的(非常旧的)浏览器尝试在文档中呈现脚本。该 cookie(“iab”)看起来不像用于身份验证的 cookie。可能有一个带有会话标识符的仅限 http 的 cookie;您应该能够使用前面提到的 Firebug/Dev 工具看到它。
Using Chrome's developer tools or Firebug, check the HTTP response for the "expires" parameter in the Set-Cookie header field. Make sure the time / date settings on the phone are set correctly. If the browser thinks the cookie is already expired, it won't store it.
If that doesn't work try using wireshark / tshark to grab a trace of the communication from your client, and compare it to a browser that's working the way you expect it to.
By the way, the comment delimiters around that bit of Javascript don't prevent the script from being run; they just prevent older (really old) browsers from trying to render the script in the document. That cookie ("iab") doesn't look like the cookie for authentication. There's likely an http-only cookie with a session identifier; you should be able to see it using the aforementioned Firebug / Dev tools.