Thursday, September 25, 2008

The HttpRequest class updated - Get cookie values

I've updated the HTTPRequest-class so that you also can use it to pick cookies of a request.

Example code:

Dim request As New HttpRequest()
Dim sessionCookie As String
sessionCookie = request.cookie( "DomAuthSessId" )
Print "I've got your cookie!"


Although I link to Jake's excellent demonstration of how simple it is to get the session cookie, I wrote the cookie-bit a couple of days before, in work relation.

>> HttpRequest Source code

4 comments:

Jake Howlett said...

But your code must be running on the server, so it's not a security issue, as such. Are you saying it is?

Tommy Valand said...

No.. I read your article just before I wrote the update of the class. Since both were on the topic of cookies, I thought I could throw in a link (Share and enjoy).

For your example, the code would be:
--
Dim request As New HttpRequest()
Dim sessionCookie As String
sessionCookie = request.parameter( "cookie" )
'Split, find DomAuthSessId, send
'SMS, mail, etc to hacker
--

Cedric said...

Hello Tommy,
Didn't know where to post this question.. or if HttpRequest could be solve my problem.. : Do you know if it is possible to run on server (schedule agent) an ajax request to get for example "www.google.fr" page.
It works when executed from local notes client but not when executed on server side with a scheduled agent :
"use of socket unauthorized for www.google.fr,80"
Hope it is clear enough!
Thank you!

Tommy Valand said...

The HttpRequest-class won't help you, as it's used to receive requests, not send them.

Have you checked with your admin that you're allowed to run unrestricted agents on the server/that the firewall on the server allows outgoing requests on port 80?