EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Cookie manager for HTTP/HTTPS

Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.
#24821
Posted: 05/03/2013 05:35:25
by Walter Schrabmair (Priority Standard support level)
Joined: 05/03/2013
Posts: 150

Yes Eugene, I will try it to create comp in code.
#24822
Posted: 05/03/2013 06:27:37
by Walter Schrabmair (Priority Standard support level)
Joined: 05/03/2013
Posts: 150

Eugene,
one general Question:
I have:
Code
procedure TForm1.ElHTTPSClient1Cookie(Sender: TObject; CookieText: String);
var
  outformat: integer;
begin
  ShowMessage('My Cookie: '+CookieText);
  ShowMessage('Domain: '+ElCookieManager1.Domains[0].Domain);
  ShowMessage('DomainCount: '+INtTOStr(ElCookieManager1.DomainCount));
  Memo1.Lines.AddStrings(ElHttpsClient1.ResponseCookies);
end;

And get no Domain (THe listindex exceed the max) But I can see the CookieText.

Do I understaind it correctly that the CookieManager could do following:
- Saved the cookies which comes from the server
- PUT the cookies in the sending stream from client to server when the server makes a cookie request.

Or what purpose has the Manager else?
WIth the manager I do not think about the cookies - like the IE does, right?

Thanks
Walter
#24823
Posted: 05/03/2013 07:11:44
by Eugene Mayevski (EldoS Corp.)

Quote
Walter Schrabmair wrote:
And get no Domain (THe listindex exceed the max) But I can see the CookieText.


The event is triggered before cookies are passed to the cookie manager.


Sincerely yours
Eugene Mayevski
#24824
Posted: 05/03/2013 07:26:01
by Walter Schrabmair (Priority Standard support level)
Joined: 05/03/2013
Posts: 150

Thanks, but even when I make a Button where the CookieMngr Stuff is shown,
I always get CookieCount=0 and no Domain. What is if the server does not send a DOMAIN cookie?
#24826
Posted: 05/03/2013 07:58:55
by Eugene Mayevski (EldoS Corp.)

The cookie is always specific to certain domain. Consequently, domain list won't be empty if the cookie was received.

I've just re-checked the component by modifying HTTPGet sample and adding a cookie manager (also created in code) to it. So either your web page doesn't send a cookie or you've done something incorrectly.

Please try adding the cookie manager to the HTTPGet sample (in <SecureBlackbox>\Samples\HTTPBlackbox\Client\) and if it doesn't work as you expect, please post it to HelpDesk together with the URL you are connecting to.


Sincerely yours
Eugene Mayevski
#24827
Posted: 05/03/2013 08:32:34
by Walter Schrabmair (Priority Standard support level)
Joined: 05/03/2013
Posts: 150

Could you email me the Server/Client where the Cookies are sent and the Mngr is used? The server in the demo does not send any cookies.
#24828
Posted: 05/03/2013 08:41:26
by Walter Schrabmair (Priority Standard support level)
Joined: 05/03/2013
Posts: 150

What I did with IE Webbrowser in my past and successfull yproject is:
Login to
https://www.refworks.com/refworks2/default.aspx?r=authentication::init&groupcode=RWMedUniGraz

with my UI and PW in the Browserbox of my Delphi 7 program.
THen after login I can see the cookies in my ProtocolAnalyser (WildPackets Ehterpeak)

I think that on this side, there is a script or a asp page (= aspx)which accepts the cookies and recieves it via https. Becaus the first packet which is readabel is a http packet with the session infos and so on. I thought to learn the cookie stuff I could make this project with SBB and do the cookie handshaking myself.

Could you give me andy advices to this ?
Thanks


#24829
Posted: 05/03/2013 08:51:53
by Eugene Mayevski (EldoS Corp.)

Indeed after you login to the server, the server sends authentication cookies which are stored on the client. This should work with TElCookieManager as well and should be completely transparent.

Let's start with the simplest - try to connect to http://www.eldos.com/ and see if the cookies are set. If they are not, then you have missed something either in linking the components or in checking the set cookies.

There's no need for a client and a server - you use www.eldos.com as the server and your code (if you described it right) should work as well.


Sincerely yours
Eugene Mayevski
#24830
Posted: 05/03/2013 09:07:24
by Walter Schrabmair (Priority Standard support level)
Joined: 05/03/2013
Posts: 150

Thanks yes the simplest method works fine. I can see DomainCount = 1 and the
cookies eldos.com sent me.

BUt I do not think that my IE past project could be done easely with SBB.
Did you see the Protocol Snapshoot? I never get the session cookie from the server, all I see is that the client sent me the session cookie back to the server. I assume that this authentification info is sent over https lines.

Do I understand it correctly, or have I a problem in understanding the communication with refworks.com

Thanks for your help
Walter
#24831
Posted: 05/03/2013 09:09:27
by Walter Schrabmair (Priority Standard support level)
Joined: 05/03/2013
Posts: 150

Moreover I would like to mention, that eldos.com sents a domain cookie and this works fine so along. But refworks do not send a domain cookie at all.
Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.

Reply

Statistics

Topic viewed 13436 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!