» ASP: Sustain Remote Cookie Sessions in an ASP/VBScript

27Apr/0619

ASP: Sustain Remote Cookie Sessions in an ASP/VBScript

I dug up this cold from my old netnerds blog. For Googlers wondering if sustaining a remote session is possible, the answer is yes; I've sustained remote cookie sessions using both ASP & VBScript. I've provided simplified code below. It should be self explanatory. If not, drop me a comment and I'll explain it.

Dirty Code

<%

url1 = "http://www.netnerds.net/session/login.asp"

url2 = "http://www.netnerds.net/session/controlPanel.asp"


data1 = "username=bobby&pass=thepass&submit=Login"


theCookie = httpSessionRequest(1, "POST", url1, data1, noCookie, noViewState)

finalHTML = httpSessionRequest(2, "GET", url2, nodata, theCookie, noViewState)


response.write finalHTML

'---------------------------------------------------------

'THE FUNCTION

'---------------------------------------------------------


Function httpSessionRequest(theStep, method, url, data, cookie, viewState)

	'FYI, viewstate code has been ripped out.

	'Previously, I screenscraped to get the viewstate hidden field for aspx pages.


	baseURL = "http://www.netnerds.net/" 'This is to fix any broken images in the output.


	if len(cookie) = 0 then cookie = "dummy=dummy;"

	HTTPReferrer = Trim(url)

	postVars = Trim(data)


		Set XMLHTTP = server.CreateObject("MSXML2.serverXMLHttp")

		XMLHTTP.open method, Trim(url), false


			if UCASE(method) = "POST" Then

				XMLHTTP.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"

			End If

			XMLHTTP.SetRequestHeader "Referer", HTTPReferrer 'just in case the server cares

			XMLHTTP.setRequestHeader "Cookie", "excuse the Microsoft bug"

			XMLHTTP.setRequestHeader "Cookie", cookie


			XMLHTTP.send postVars


			'wait for response

			While XMLHTTP.readyState <> 4

				XMLHTTP.waitForResponse 1000

			Wend

			strHeaders = XMLHTTP.getAllResponseHeaders()


			hArr = split(strHeaders,"Set-Cookie: ")

			for kk = 1 to ubound(hArr)

				theCookie = left(hArr(kk),instr(hArr(kk),"path=/")-2)

				myCookie = myCookie & " " & theCookie

			next


			if len(myCookie) = 0 then mycookie = cookie

			sReturn = replace(XMLHTTP.responsetext,"../",baseURL)


			if cint(theStep) = 1 then

				httpSessionRequest = mycookie

			elseif cint(theStep) = 2 then

				httpSessionRequest = sReturn

			elseif cint(theStep) = 3 then

				'You can add stuff here to debug

				httpSessionRequest = mycookie

				response.write theCookie & "<p>" & mycookie & "<p>" & sReturn  & "<hr /><p>"

			end if

		set XMLHTTP = nothing

END FUNCTION

%>

Posted by: Chrissy Filed under: IIS, VBScript Leave a comment

Comments (19) Trackbacks (0) ( subscribe to comments on this post )

shaharyar hafeez
June 1st, 2006 - 12:57

i am shaharyar hafeez from pakistan i have used your code in article “ASP: Sustain Remote Cookie Sessions in an ASP/VBScript”

this code works well for 2 pages. but when i want to get the third page then i cant aple to maintain session. plz help me if u can.
i am using the following urls in the code

url1 = “http://www.sl.universalservice.org/menu.asp”

url2= “http://www.sl.universalservice.org/FY3_form471/ExtDisplay471_StartSearch.asp”

url3= “http://www.sl.universalservice.org/FY3_form471/ExtDisplay471_ApplicantSearch.asp”

data1=”txt471id=504472&txtSecurityCode=&CameFrom=Current&hidErrMsg=
&hid471ApplID=&hidSecCode=&hidCameFrom=&cmdSbmitName=Display”

theCookie = httpSessionRequest(1, “GET”, url1,nodata,noCookie, noViewState)

theCookie = httpSessionRequest(1, “GET”, url2, nodata, theCookie, noViewState)

finalHTML = httpSessionRequest(2, “Post”, url3, data1, theCookie, noViewState)

i have tried alot but cant succeed please help me as soon as possible.

thanks in advance

( REPLY )
Chrissy
June 1st, 2006 - 16:33

Hey Shaharyar,
Your current order is
theCookie = httpSessionRequest(1, “GET”, url1,nodata,noCookie, noViewState)

theCookie = httpSessionRequest(1, “GET”, url2, nodata, theCookie, noViewState)

finalHTML = httpSessionRequest(2, “Post”, url3, data1, theCookie, noViewState)
Try doing
httpSessionRequest(1…
httpSessionRequest(2…
httpSessionRequest(3…

instead.

( REPLY )
Tahir Ali
August 4th, 2006 - 08:11

I need some help regarding how to post viewstate using xmlhttp in asp 3.0

( REPLY )
china boy
August 15th, 2006 - 23:59

great!

( REPLY )
raymond
May 14th, 2007 - 16:52

It’s not working on Trademe.co.nz.Could you help me out please?

( REPLY )
Bruno
May 17th, 2007 - 15:35

Hi,

If I understood your code you send a request for url1 and in urls the session will be created, then you call url2 and in there you can access the session created in url1.

What if i want to create a session in the main page and call serverXMLHTTP, is there a way to do that?
I mean, whithout using a second url?

All I want is that the session created in the main page can be accessed in “url”.
In my case, url will not create another session.

I tryed to pass the cookie header like this XMLHTTP.setRequestHeader “Cookie”, request.ServerVariables(“HTTP_COOKIE”)
but no success.

I would apreciate any help.
Thanks in advance.

( REPLY )
Bruno
May 17th, 2007 - 15:42

To make myself more clear what I want in terms of code is:

========MAIN PAGE========

Dim xmlhttp
set xmlhttp = CreateObject(“MSXML2.ServerXMLHTTP”)
xmlhttp.open “GET”, “myurl.asp”, false
session(“myString”) = “blablabla”
xmlhttp.send “”
response.write = xmlhttp.responseText
set xmlhttp = nothing

=======myurl.asp============

response.write session(“myString”)

=========================

The thing is: blablabla doesn’t get writen on main page. All I want is for this to work.

Sorry about placing to posts for the same thing.

( REPLY )
Pete D
June 18th, 2007 - 03:17

Hi Bruno,

I had a similar need and a similar problem hence me finding this page. I think I’ve found out why it won’t work but it might not help you. Its seems that only one page can have access to a users session space at one time but you (or we) are trying to access it in both pages. As a result the second page hangs while it waits for the firstpage to finish processing and release the session but it can’t as the first page is waiting for the second to finish running…dead lock. Thats whats causing this method to not work. The only way around it I’ve found is to switch off sessions in the first page, the calling page then the second page has access to the session space. Not perfect but it might serve your needs it did mine. You can switch it off by add this line to the top of your page:

* If you already have a

( REPLY )
Steve Shen
September 24th, 2007 - 23:14

Great script! Thanks for sharing!

One suggestion… Since response headers may not always contain “path=/”, it could be “Path=/”( with capital “P”), make the instr() not case sensitive would be a fix:

theCookie = left(hArr(kk),instr(hArr(kk),”path=/”)-2)

change to:

theCookie = left(hArr(kk),instr(1,hArr(kk),”path=/”,1)-2)

( REPLY )
Marcus Sanford
November 12th, 2007 - 09:42

Hi Chrissie – I am trying to get this to work with session variables as
well as cookies so I’ve got
xmlhttp.setRequestHeader “Cookie”, “LOGGED=xxxxxxxxxx”
xmlhttp.setRequestHeader “Cookie”, “MYID=xxxxxxx”

works fine – however how do I get this to run with session variables
is it just a case os writing
xmlhttp.setRequestHeader “Session”, “MYSession=xxxxxxx”

any help would be really great

Many thanks

Marcus

( REPLY )
David Luu
December 31st, 2007 - 16:22

Thanx for the info Chrissy!

For anyone interested, I wrapped Chrissy’s method around a slightly different friendly API for VBScript, and for Javascript as well. It might not be perfect but it’s a start. The Javascript version is intended to be cross-platform.

Web/HTTP Automation Libraries
http://www.codeproject.com/KB/library/httpautomationlibs.aspx

I’m thinking of doing ports for .NET and Java as well, if needed.

( REPLY )
Ribonix
November 20th, 2008 - 00:26

Hallo.
I need to read this page:
http://www.csi.milano.it/_@risultati_out.cfm?cod=310&sq=1186&tipo=AR
If I delete cookies and I go directly to this link I get Error in page.

If I go to this link http://www.csi.milano.it/main.cfm?mode=attivita&zona=0&output=class and select OSBER name in the list I go to another page. If I go to Under14 Link in the page I get a correct page.

How I can modify the code?

I know that in POST data I put
output=class&codice=0512&search=

Can you help me? Thank You

( REPLY )
Fatih ERİKLİ
May 10th, 2009 - 04:20

good job.
many thnks

( REPLY )
Antonio
May 14th, 2009 - 04:12

hi Chrissy,
your script is very useful. I wish to use it to send my vote in a web poll. In order to do that, I need to simulate send data via form.
I know the URL to the page to vote, but I dont know the URL to the module which stores the vote (in the HTML I got ).
Is there a way to retrieve the destination URL? Can I send form data using a cookie?
thanks

Antonio

( REPLY )
Zsolt
June 8th, 2009 - 15:24

Chrissy,

Thank you very much, I have been looking for this piece of code for a while to integrate with an XML parser requiring proper session cookie authentication.

Best wishes,
Zsolt

( REPLY )
HakkanR
October 4th, 2009 - 15:55

hi, i need help about xmlhttp connection a site..
page have login and password textfield.. but this form elements name are generated Random by server
for examle when you enter page :
name=”6100cf004601fc245d21aa880fde8ce3″ id=”tagLogin” type=”text”
type=”password” maxlength=”10″ name=”83006400c2011c24d821c688ecdf1816″

if you enter page and delete cookie.. page say you must enter all variables in form.
if you dont delete cookie.. page login successfully..

i connect the page with : Msxml2.ServerXMLHTTP.3.0
and send User-Agent Google Chrome
and first connection i get the cookie value with that:

cookie = sender.getResponseHeader(“Set-Cookie”)
sID = mid(cookie,instr(1,cookie,”=”)+1,instr(1,cookie,”;”)-(instr(1,cookie,”=”)+1))

and
Response.Write “Setting Request Header Cookie as: ” & left(cookie,instr(1,cookie,”;”)-1) & “”

Result: Response Header Cookie = Apache=195.174.214.116.1254692569245603; path=/; expires=Tue, 18-Sep-12 21:42:49 GMT
the session closed

and when i connect the page with post and send Form.Name Values.. and send cookie

sender.setRequestHeader “COOKIE”, left(cookie,instr(1,cookie,”;”)-1)

but result said: you must enter all values on form. Because my Cookie.timedout and form login names change again..
can anybody help me that?

( REPLY )
Tom Armstrong
December 15th, 2009 - 09:23

Dear Chrissy,

This is the second time on this project a Google search brought me to a posting from you that is exactly what is needed. Thank you for posting things of this nature. They are a big help to those of us getting into areas we have not trod before. Haven’t tried it yet, but it looks perfect.

Tom Armstrong

( REPLY )
Nicholas Tolbert
August 27th, 2010 - 15:48

Script Works Great

( REPLY )
Fafhrdd
October 28th, 2010 - 17:43

Is it possible to help me to understand what data1 is for? I am assuming it places the data in the correct fields (user name and password) however I am not completely sure how to enter in the data…

Do I use the NAME of the text boxes? For example my text box code on my login page is as follows:

As you can see it is the username… how would I change your code if say my username is Fafhrdd?

Right now I have replaced your code “username=bobby” with “ctl00$cphBody$Login1$UserName=fafhrdd”

Does that make sense or am I a complete moron?

( REPLY )