ASP Sessions

Part:   1  2  3 

(Continued from previous part...)

A couple of notes to help you to understand this program:

• "use LWP::Debug qw(+);" turns on the debugging at the highest level.
• A "LWP::UserAgent" object is used to send a HTTP request to the HTTP server.
• "HTTP:Request" objects are used to compose HTTP requests.
• "$cookie_jar->extract_cookies($res);" is used to extract cookies from the response. This is very important, because ASP server is sending the session ID as a cookie to the client and expecting the client to send it back in the next request.
• "$cookie_jar->add_cookie_header($req);" is used to add the cookies received from the previous response to the current request. One of the cookies is the session id, which is important for the ASP server to recognize the current request is a continuation of the previous request.

If you run it with "reg_client.pl > client.out" in a command window, you will get the following in the window:

LWP::UserAgent::new: ()
LWP::UserAgent::request: ()
LWP::UserAgent::simple_request: GET http://localhost/reg_form.asp
LWP::UserAgent::_need_proxy: Not proxied
LWP::Protocol::http::request: ()
LWP::Protocol::http::request: GET /reg_form.asp HTTP/1.0
Host: localhost
User-Agent: libwww-perl/5.51

LWP::Protocol::http::request: reading response
LWP::Protocol::http::request: HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sat, 28 Dec 2002 22:06:20 GMT
Connection: Keep-Alive
Content-Length: 383
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQQGQQMCC=EFFFLMGAADIKNCGPKJDNHMCC; path=/
Cache-control: private

<html><body><b>Registration Form</b>:<br/><form action=reg_form.asp me
thod=get>Firt Name:<input type=text size=16 name=first_name><br/>Last 
Name:<input type=text size=16 name=last_name><br/>Email:<input type=te
xt size=32 name=email><br/>URL:<input type=text size=32 name=url><br/>
<input type=submit name=submit value=Submit></br></form>Your session I
D is 113988957<br/></body></html>
LWP::Protocol::http::request: HTTP/1.1 200 OK
LWP::Protocol::collect: read 383 bytes
LWP::UserAgent::request: Simple response: OK
HTTP::Cookies::extract_cookies: Set cookie ASPSESSIONIDQQGQQMCC => EFF
FLMGAADIKNCGPKJDNHMCC
HTTP::Cookies::add_cookie_header: Checking localhost.local for cookies
HTTP::Cookies::add_cookie_header: - checking cookie path=/
HTTP::Cookies::add_cookie_header:  - checking cookie ASPSESSIONIDQQGQQ
MCC=EFFFLMGAADIKNCGPKJDNHMCC
HTTP::Cookies::add_cookie_header:    it's a match
HTTP::Cookies::add_cookie_header: Checking .local for cookies
LWP::UserAgent::request: ()
LWP::UserAgent::simple_request: GET http://localhost/reg_form.asp?firs
t_name=Herong&submit=Submit
LWP::UserAgent::_need_proxy: Not proxied
LWP::Protocol::http::request: ()
LWP::Protocol::http::request: GET /reg_form.asp?first_name=Herong&
submit=Submit HTTP/1.0
Host: localhost
User-Agent: libwww-perl/5.51
Cookie: ASPSESSIONIDQQGQQMCC=EFFFLMGAADIKNCGPKJDNHMCC
Cookie2: $Version=1

LWP::Protocol::http::request: reading response
LWP::Protocol::http::request: HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Sat, 28 Dec 2002 22:06:20 GMT
Location: reg_done.asp?last_name=
Connection: Keep-Alive
Content-Length: 144
Content-Type: text/html
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="reg_done.
asp?last_name=">here</a>.</body>
LWP::Protocol::http::request: HTTP/1.1 302 Object moved
LWP::Protocol::collect: read 144 bytes
LWP::UserAgent::request: Simple response: Found
LWP::UserAgent::request: ()
LWP::UserAgent::simple_request: GET http://localhost/reg_done.asp?
last_name=

LWP::UserAgent::_need_proxy: Not proxied
LWP::Protocol::http::request: ()
LWP::Protocol::http::request: GET /reg_done.asp?last_name= HTTP/1.0
Host: localhost
User-Agent: libwww-perl/5.51
Cookie: ASPSESSIONIDQQGQQMCC=EFFFLMGAADIKNCGPKJDNHMCC
Cookie2: $Version=1

LWP::Protocol::http::request: reading response
LWP::Protocol::http::request: HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sat, 28 Dec 2002 22:06:20 GMT
Connection: Keep-Alive
Content-Length: 166
Content-Type: text/html
Cache-control: private

<html><body><b>Thank you registrating with us</b>:<br/>Firt Name:Heron
g<br/>Last Name:<br/>
Email:<br/>
URL:<br/>
Your session ID is 113988957<br/></body></html>
LWP::Protocol::http::request: HTTP/1.1 200 OK
LWP::Protocol::collect: read 166 bytes
LWP::UserAgent::request: Simple response: OK

We have a lot of information here. Let's analyze it quickly.

• My first request was sent as "GET /reg_form.asp HTTP/1.0".
• The first response came back with a cookie as: "ASPSESSIONIDQQGQQMCC=EFFFLMGAADIKNCGPKJDNHMCC". Apparently, this is the session ID, but encrypted. In the response content, session ID is reported as: 113988957.
• My second request was sent as "GET /reg_form.asp?first_name=Herong&submit=Submit HTTP/1.0", with two cookies. The first cookie was the ASP server session ID. The second cookie came from nowhere.
• The second response was interesting. It had code of "302 Object moved", and a "Location" header line indicating the new URL. Obviously, this reponse was generated by the "redirect" command in my ASP page, reg_form.asp.
• The LWP::UserAgent object is smart. It recognized the "Object moved" code, and automatically send another request with new URL location.
• With no surprises, the second response came correctly. The ASP did recognize my session ID in my second and third request, because the session ID reported in the third response is the same: 113988957.
• It is interesting to see that there was no cookie in the second response and third response. My guess is that ASP server saw the session ID in the seconde request and third request, so there was no need to put the session ID as cookie in the responses.

Part:   1  2  3