Home > Developer > Web Develop

Use cookies to access the website after login

Source: Internet
Author: User
Tags http cookie csrf attack
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

As we all know, the HTTP connection is stateless, so the question is, how to log the user's login information? As a general practice, when a user first sends an HTTP request, a Sessionid,sessionid is generated on the HTTP server side that corresponds to the state of each session (such as whether to log in or not), and the SessionID is saved in the browser's cookies. After we log in to a webpage, open another window to access the same page without logging in, because two pages correspond to the same cookie.

Sometimes when you are doing a Python crawler, you need to access a Web page that you have logged in to access, and you can do this with a cookie file that has already been logged in. The following take the Thunderbolt network as an example to do the experiment, the experimental platform for Linux.

1. First log in to the Thunderbolt network in Firefox browser and use the Firebug plugin to export cookies.

2. Modify the format of the cookie, assuming that the file name is xunlei.txt, the correct format is as follows:

1 # Netscape HTTP Cookie File.2# Generated by Wget on -- .- -  at: Wu: the.3 # Edit at your own risk.4 5. dynamic.i.xunlei.com True/false1498494348__utma74633479.1276576155.1435422349.1435422349.1435422349.16. i.xunlei.com True/false1498494325__utma112570076.1792933177.1435422325.1435422325.1435422325.17. dynamic.i.xunlei.com True/false1435424148__utmb74633479.1.10.14354223498. i.xunlei.com True/false1435424125__utmb112570076.1.10.14354223259. dynamic.i.xunlei.com True/false1498494348__utmc74633479Ten. i.xunlei.com True/false1498494348__utmc112570076 One. i.xunlei.com True/false1435422925__utmt1 A. dynamic.i.xunlei.com True/false1451190348__utmz74633479.1435422349.1.1. utmcsr=i.xunlei.com|utmccn= (Referral) |utmcmd=referral|utmcct=/Login. html -. i.xunlei.com True/false1451190325__utmz112570076.1435422325.1.1. utmcsr= (direct) |utmccn= (direct) |utmcmd=(None) -Dynamic.i.xunlei.com False/false1498494348__xltjbr1435422347556 theDynamic.i.xunlei.com False/false1435424148_S19 1435770994546b1435422324953b2bhttp%3a//Dynamic.i.xunlei.com/user
# The number of cookies is more, it is not written, there are three places to note:
# 1. The first line must not be less, and one character cannot be wrong.
# 2. The format should be strictly (blank tab):
Domain [True or FALSE]/[true or FALSE] expiration timestamp name content

3. Use Python code to read Xunlei.txt, and access Web pages that can be accessed after login, for example: Http://dynamic.i.xunlei.com/user

The following is the source code:

1 ImportCookielib, Urllib22 3Cookie =Cookielib. Mozillacookiejar ()4Cookie.load ("Xunlei.txt")5handle=Urllib2. Httpcookieprocessor (Cookie)6Opener =Urllib2.build_opener (handle)7 Urllib2.install_opener (opener)8 9URL ="Http://dynamic.i.xunlei.com/user"Tenreq =Urllib2. Request (URL) OneResponse =Urllib2.urlopen (req) A PrintResponse.read ()

4. The printed code is what I see in http://dynamic.i.xunlei.com/user after I log in.

The above principle is similar to the CSRF attack principle, CSRF attack is the use of illegal access to user cookies, disguised as a user to operate. For this type of attack, the Web site can generate token,http server to validate tokens for each request to avoid CSRF attacks, such as Django Csrfviewmiddleware.

But tokens are still placed in cookies and can still be csrf attacks, but the attack is more complicated.

Use cookies to access the website after login

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
how to use cookies how to access cookies how to add cookies to website login to website wordpress how to use cookies in php php login to website how to use wordpress after installation

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More