使用 Python 请求进行 Cookie 身份验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/25214959/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Cookie authentication with Python requests
提问by rogue-one
I am trying to mimic a user action on a site programmatically using Python requestsAPI.
to accomplish this programmatically the request must have user/pass authentication and also should pass few NVPs as Cookies in Header.
To get the NVPs I initially make a dummy request and the server returns me the cookies.
I acquire the required values from these cookies and use this to send the actual request.
But the request doesn't succeeds and server complains I am not logged in.
But if I use the cookie value from my browser the request succeeds.
我正在尝试使用 Python requestsAPI以编程方式模拟站点上的用户操作。要以编程方式完成此请求,请求必须具有用户/通过身份验证,并且还应将少量 NVP 作为 Cookie 在 Header 中传递。为了获得 NVP,我最初提出了一个虚拟请求,服务器将 cookie 返回给我。我从这些 cookie 中获取所需的值并使用它来发送实际请求。但是请求没有成功,服务器抱怨我没有登录。但是如果我使用浏览器中的 cookie 值,请求就会成功。
The the dummy request to programmatically acquire JSESSIONID,glide_user and glide_user_session params in cookie is
以编程方式获取 cookie 中的 JSESSIONID、glide_user 和 glide_user_session 参数的虚拟请求是
response = requests.get('http://example.com/make_dummy_get',auth=('username','pasword'))
cookie_params = response.cookies.items()
below is the actual request
以下是实际请求
headers = {
'Host': 'example.com'
,'Connection': 'keep-alive'
,'Content-Length': 113
,'Cache-Control': 'max-age=0'
,'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8'
,'Origin': 'example.com'
,'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36'
,'Content-Type': 'application/x-www-form-urlencoded'
,'Referer': 'www.example.com/asdas/'
,'Accept-Encoding': 'gzip,deflate,sdch'
,'Accept-Language': 'en-US,en;q=0.8'
,'Cookie': 'JSESSIONID=B6F7371A11825472CAB0366A4DCDD8EFB; glide_user="SC:Z3Vlc3Q=:b890b38b7f000001121dbe81a08c413ca5"; glide_user_session="SC:Z3Vlc3Q=:b890b38b7f000001121dbe81a08c413ca5"'
}
form_data = {
'param1': 'value1'
,'param2': 'value2'
,'param3': 'value3'
}
res = requests.post('http://example.com/make_post_request',auth=('username','pasword'),data=form_data,headers = headers)
It seems to me that the session created by my dummy request for some reason is getting closed and Hence the second request is rejected and html response says I must login to access the requested resource.
在我看来,由于某种原因由我的虚拟请求创建的会话正在关闭,因此第二个请求被拒绝,html 响应说我必须登录才能访问请求的资源。
I did the same exercise with Java apache's HttpClient and ended with the same issue.What am I missing here to make the request succeed without any login or authentication issues?
我用 Java apache 的 HttpClient 做了同样的练习,并以同样的问题结束。我在这里缺少什么来使请求成功而没有任何登录或身份验证问题?
采纳答案by Ian Stapleton Cordasco
First you should be using a Sessionobject from requests. This will manage cookies (and prepare them for you) so you do not have to create the cookie header for yourself.
首先,您应该使用Session请求中的对象。这将管理 cookie(并为您准备它们),因此您不必为自己创建 cookie 标头。
s = requests.Session()
s.get('http://example.com/make_dummy_get',auth=('username','pasword'))
print(s.cookies)
Next I have to stronglyadvise you to stop setting the following headers:
接下来我必须强烈建议您停止设置以下标题:
HostContent-LengthContent-TypeCookie
HostContent-LengthContent-TypeCookie
All four of those headers will be generated by requestsfor you. The Cookieheader will be generated using the CookieJarthat the Sessionuses. The Content-Lengthand Content-Typewill be computed while requestsprepares the body.
所有这四个标题都将由requests您生成。的Cookie报头将使用来生成CookieJar,该Session用途。在Content-Length和Content-Type而将计算requests准备体。
Also, if you're trying to use cookies to authenticate, the server is likely becoming confused because you're also passing auth=('username', 'password')in your second request. That's generating an authorization header so you're both sending a Cookieheader and an Authorizationheader. The server sees this as suspicious most likely and rightly refuses to accept your request as authenicated.
此外,如果您尝试使用 cookie 进行身份验证,服务器可能会感到困惑,因为您还传递auth=('username', 'password')了第二个请求。这会生成授权标头,因此您同时发送Cookie标头和Authorization标头。服务器认为这很可能是可疑的,并且正确地拒绝接受您的请求,因为它已经过身份验证。
