I'm using WinHTTP in Access 2007 VBA to fetch some list of items requiring a cookie login credential account.
First I login through https://www.example.com/login.php with this:
Dim strCookie As String, strResponse As String, _
strUrl As String
'
Dim xobj As Object
'
Set xobj = New WinHttp.WinHttpRequest
'
strUrl = "https://www.example.com/login.php"
xobj.Open "POST", strUrl, False
xobj.SetRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
xobj.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xobj.Send "username=johndoe2&password=mypassword"
'
strCookie = xobj.GetResponseHeader("Set-Cookie")
strResponse = xobj.ResponseText
The content of strResponse indicates that my login is OK, as johndoe2 is welcomed in this string. strCookie saves the Set-Cookie returned by the HTTP server after the successful login.
Next I need to get a confidential page only accessible for a logged user: https://www.example.com/secret-contents.php. I do this, with previous Set-Cookie header strCookie, resent to the server:
'
' now try to get confidential contents:
'
strUrl = "https://www.example.com/secret-contents.php"
xobj.Open "GET", strUrl, False
xobj.SetRequestHeader "Cookie", strCookie
xobj.Send
'
strCookie = xobj.GetResponseHeader("Set-Cookie")
strResponse = xobj.ResponseText
Unfortunately, it's failed, as the new strResponse indicates that the fetched content is not the required one, but rather again the login page. And also strCookie has changed.
This has been tested and produces no effect, as it's only for Windows/OS linked authentication, such as the famous basic, NTLM, digest and Kerberos authentications, not for that based on cookie:
xobj.SetCredentials "johndoe2", "mypassword", 0
What else to send as headers to the remote server other than Set-Cookie, in order to use the previously certified credential ?
The server uses typo3 CMS framework.
See Question&Answers more detail:
os