We use CURL to automate some administrative tasks on a web application that uses SSO cookie for all the sites on the domain. Recently, there was a change in the authentication system on the application that we had been automating with. That's fine. We changed the CURL script to conform to the new authentication. We are able to get cookies and save to the jar.
The problem is the way the cookie is saved. I looked at how the headers in Google Chrome and Mozilla Firefox and the response headers are the same that I see in CURL. However the cookie in the cookie jar isn't saving the cookie in a way that it can be sent to the subsites in the Domain.
The CURL Example is as follows:
curl -c mycookie "https://login.example.com" -d loginUID=myusername -d loginPWD=mypassword
The format it's saving is:
login.example.com FALSE / TRUE SSOCookie automatedvalue
The cookie will be consumed by the subsites if we manually change the cookie to:
.example.com TRUE / TRUE SSOCookie automatedvalue
I'm not sure why the cookies would be saved as such.
Does anyone know what would cause CURL to save the cookies as such? Or if there is a work around other than manually/scripting a change to be used for the entire domain?
Note: When I do a -v on setting the cookies. It says *Replased cookie SSOCookie "uniquecookieid" for domain login.cat.com
Thank you,
After spending two weeks and many hours I finally found the solution. The reason the cookie wasn't being set was because the server checked to see where the request was being made from. In the curl command I added a --referer to the domain of the site.
curl -c mycookie "https://login.example.com" -d "loginUID=myusername" -d "loginPWD=mypassword" --referer "https://login.example.com"
The cookie jar now contains a cookie that can be used to send to the server.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With