EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Sending raw cookies with the request

Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages
#30000
Posted: 07/08/2014 10:52:01
by YEVGENIY PAZEKHA (Priority Standard support level)
Joined: 07/08/2014
Posts: 4

Hello guys, I need some help regarding cookies management.

Due to the layered architecture, our app cannot leave the cookie management to the SecureBlackBox library. In some scenarios, cookies must propagate upwards the stack of layers, and, after processed, go downwards to the library. When configuring the HTTP client for connection we want just to send the cookies as they are, without any filtering by domain/expiration/etc.

Here I face the problem. I've read the documentation on the cookies part and tried few ways described there, none of which worked, unfortunately. The options I tried:

1) Creating a TElCookieManager, adding a domain, adding cookies to the domain, and setting such manager to the HTTP client. Failed: the manager provided no cookies for the request, probably failing to match the domain/path/expiration.


2) Using property Cookies from TElHTTPRequestParams, adding cookies formatted as plain strings. Failed: this makes "Cookies" header to appear in the request, but all other headers are gone.

3) Sending "Cookies" as a custom header. Failed: the "Cookie" header is there and other headers are there too, but now a weird "Cookie=Cookie:..." line appears in the request.

Could you please advice the proper way of supplying the cookies to the request?
#30002
Posted: 07/08/2014 11:13:31
by Eugene Mayevski (EldoS Corp.)

All methods should work if used right.

1. CookieManager is intended to be used in automated way so let's put it aside for now.

2. TElHTTPRequestParams.Cookie are set in the following format:
Code
RequestParameters.Cookies = "CookieStringA" + CRLF + "CookieStringB" + CRLF ...


Where CookieStringX is in "Name=Value" form.

2a. There exists TElHTTPSClient.RequestCookies property which complements (not replaces) TElHTTPRequestParams.Cookie . RequestCookies is a StringList where you add entries in "Name=Value" form as well.

3. Custom header must be added "as is" in OnPreparedHeaders event handler. You can add a header by calling
Code
Headers.Add("Cookie: Name=Value; Name2=Value");


Option 3 should work. I will re-check option 2 to understand how it comes that you lose the other headers.
#30035
Posted: 07/14/2014 07:30:54
by YEVGENIY PAZEKHA (Priority Standard support level)
Joined: 07/08/2014
Posts: 4

Eugene, thanks for your quick answer and sorry for the sleep on my end!

I would prefer option 2 - using the Cookie property. Unfortunately, I still have problems with it.

The version of SecureBlackBox we use is the Java one. In Java version there is no "property" as such, but there is a List container for cookies. Here is the snippet how we use it (putting all cookies as one string):

Code
    private TElHTTPSClient CreateHttpsClient(RequestOptions requestOptions)
    {
        final TElHTTPSClient httpClient = new TElHTTPSClient();
        ...
        final TElHTTPRequestParams parameters = httpClient.GetRequestParameters();
        final TElStringList cookies = parameters.GetCookies();
        putCookies(cookies, requestOptions.cookies);
        ...
    }


    private void putCookies(final TElStringList target, final Cookies cookies) {
        if (cookies == null) return;

        final String strCookie = toCookieString(cookies);

        target.Add(strCookie);
    }


    private String toCookieString(final Cookies cookies) {
        final StringBuilder sb = new StringBuilder();
        for (final Cookie c: cookies) {
            if (sb.length() > 0) {
                sb.append("; ");
            }
            sb.append(c.toHeaderValue());
        }
        final String strCookie = sb.toString();

        return strCookie;
    }

The code above results in a request like this ("Cookie" is there but the other headers are missing):
Code
GET /texts?ids=AndroidMBV6Alert%2CmobielBankierenAlert HTTP/1.0
Cookie: TS998b8d=7b9e2ded50d7e701; LBCSS=0000000000


If I take adding the cookies out then the headers are fine:
Code
GET /texts?ids=AndroidMBV6Alert%2CmobielBankierenAlert HTTP/1.0
Accept-Language: en
Host: www-et1.abnamro.nl
Authorization: Basic Z******************=
User-Agent: [Bankieren]/[6.1] [generic_x86]/[Android SDK built for x86] [Android]/[4.4.2] [fa39cb0f-6495-419d-a005-112a5ec94041] [] []
Accept-Encoding: gzip, deflate
Connection: keep-alive
Accept-Language: en

The other way I tried to use the cookies list is adding each cookie as a separate item to the list:
Code
    private void putCookies(final TElStringList target, final Cookies cookies) {
        if (cookies == null) return;

        for (final Cookie c: cookies) {
            target.Add(c.toHeaderValue());
        }
    }


The result is, again, all other headers are gone, AND the Cookie header is malformed:
Code
GET /session/loginchallenge?accessToolUsage=SOFTTOKEN&accountNumber=420247319&cardNumber=181 HTTP/1.0
Cookie: TS998b8d=7b9e2ded50d7e701 LBCSS=0000000000


Please point out what do I do wrong?
#30036
Posted: 07/14/2014 08:27:09
by Eugene Mayevski (EldoS Corp.)

Other cookies don't disappear, but instead are added with an extra CRLF, which makes the other headers treated as part of the request body. This happens because
unfortunately RequestParameters.Cookie AND RequestParameters.Cookies properties at the moment don't work as intended (they both work for one-liner). I.e. you can add one line in the form "Cookie1=value1; Cookie2=Value2" to either of these properties and this should work. Adding several cookies each on the new line via those properties right now doesn't work, this will be fixed in version 12.

Meanwhile RequestCookies property of TElHTTPSClient should work correctly in the way you tried it.
#30037
Posted: 07/14/2014 08:36:11
by YEVGENIY PAZEKHA (Priority Standard support level)
Joined: 07/08/2014
Posts: 4

What is the expected release date of v.12?
#30038
Posted: 07/14/2014 08:47:18
by Eugene Mayevski (EldoS Corp.)

Please just use TElHTTPSClient.RequestCookies property.


Sincerely yours
Eugene Mayevski
#30039
Posted: 07/14/2014 10:22:17
by YEVGENIY PAZEKHA (Priority Standard support level)
Joined: 07/08/2014
Posts: 4

Eugene, TElHTTPSClient.RequestCookies worked. Thanks a lot for your prompt answers!
Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.

Reply

Statistics

Topic viewed 1253 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!