Curl无法正确识别cookie的到期值 [英] Curl doesn't recognize expires value in cookie correctly
问题描述
我试图在curl上执行pinterest.com上的登录。我收到以下请求 - 响应流程:
- GET-请求登录表单并刮除隐藏字段(csrftoken)
- POST请求登录凭据(mail和pw)并删除csrftoken
- 接收会话Cookie以进行登录
使用Curl,我可以看到发送和接收的以下标题:
GET / login / ?next =%2F HTTP / 1.1
User-Agent:Mozilla / 5.0(Windows NT 6.1; WOW64; rv:10.0.2)Gecko / 20100101 Firefox / 10.0.2
Host:pinterest.com
Referer:
Accept:text / html,application / xhtml + xml,application / xml,* / *
Accept-Language:de-de,en-us
Connection:keep -alive
HTTP / 1.1 200 OK
Content-Type:text / html; charset = utf-8
Date:Tue,10 Apr 2012 15:03:24 GMT
ETag:45d6a85f0ede46f13f4fc751842ce5b7
服务器:nginx / 0.8.54
Set-Cookie: csrftoken = dec6cb66064f318790c6d51e3f3a9612; Max-Age = 31449600; Path = /
Set-Cookie:_pinterest_sess =eJyryMwNcTXOdtI3zXcKNq0qznIxyXVxK / KqSsy3tY8vycxNtfUN8a3yc3E09nXxLPdztLVVK04tLs5MsfXNAopVpVf6VnlW + Qba2gIAuqgZIg ==; Domain = pinterest.com; HttpOnly; expires = Tue,17-Apr-2012 15:03:24 GMT; Max-Age = 1334675004; Path = /
Vary:Cookie,Accept-Encoding
Content-Length:4496
Connection:keep-alive
在步骤1之后,设置两个cookie csrftoken和_pinterest_sess。但是在cookiejar文件中(我使用CURLOPT_COOKIEFILE和CURLOPT_COOKIEJAR让curl处理cookie处理)显示以下内容:
Netscape HTTP Cookie文件
#http://curl.haxx.se/rfc/cookie_spec.html
#此文件由libcurl生成!编辑自行承担风险。
pinterest.com FALSE / FALSE 1365519805 csrftoken dec6cb66064f318790c6d51e3f3a9612
#HttpOnly_.pinterest.com TRUE / FALSE -1626222087 _pinterest_sesseJyryMwNcTXOdtI3zXcKNq0qznIxyXVxK / KqSsy3tY8vycxNtfUN8a3yc3E09nXxLPdztLVVK04tLs5MsfXNAopVpVf6VnlW + Qba2gIAuqgZIg ==
首先要注意的是#HttpOnly_在_pinterest_sess cookie行之前。我只是假设curl处理,只是罚款。但进一步看,可以看到负值被设置为到期日期:-1626222087
我不知道从哪里来,因为cookie设置为expires = Tue,2012年4月17日15:03:24 GMT(今后约7天,从今天算起)。
请求,_pinterest_sess cookie不会被curl设置:
POST / login /?next =%2F HTTP / 1.1
User-Agent:Mozilla / 5.0(Windows NT 6.1; WOW64; rv:10.0.2)Gecko / 20100101 Firefox / 10.0.2
主机:pinterest.com
参考:https:// pinterest.com/login/?next=%2F
Cookie:csrftoken = dec6cb66064f318790c6d51e3f3a9612
接受:text / html,application / xhtml + xml,application / xml,* / *
Accept-Language :de-de,en-us
Connection:keep-alive
Content-Length:123
Content-Type:application / x-www-form-urlencoded
$ b b HTTP / 1.1 302 FOUND
Content-Type:text / html; charset = utf-8
Date:Tue,10 Apr 2012 15:05:26 GMT
ETag:d41d8cd98f00b204e9800998ecf8427e
位置:http://pinterest.com/
服务器:nginx / 0.8.54
Set-Cookie:_pinterest_sess =eJzLcssPCy4NTclIjvAOrjQzyywoCChISgvLDi + 2tY9PrSjILEottvUN8a3yc4k09gtxrfRLt7VVK04tLs5MAYonV / qGeFb4ZkWW + 4LES4tTi + KBEv4u6UZ + WYEmvlm + QOxZ6R / iWOEbEmgLAKNfJps =; Domain = pinterest.com; HttpOnly; expires = Tue,17-Apr-2012 15:05:26 GMT; Max-Age = 1334675126; Path = /
Vary:Cookie
Content-Length:0
Connection:keep-alive
在响应中,另一个_pinterest_sess cookie被设置,因为curl没有发送最后一个。
目前,我不知道我做错了什么,或者如果curl只是无法正确解析cookie中的expires值。
任何帮助将非常感谢:)
//编辑
还有一件事:
根据 http://opensource.apple.com/source /curl/curl-57/curl/lib/cookie.c 函数curl_getdate()用于提取日期。该函数的文档列出了一些示例( http://curl.haxx.se/libcurl/ c / curl_getdate.html ):
- Sun,06 Nov 1994 08:49:37 GMT
- 星期日,06-Nov-94 08:49:37 GMT
- Sun Nov 6 08:49:37 1994
- 06 Nov 1994 08:49:37 GMT
- 06-Nov-94 08:49:37 GMT
- 1994年11月6日08:49:37
- 06 Nov 1994 08:49:37
- 06-Nov-94 08:49:37
- 1994 Nov 6 08:49:37 GMT
- 08:49:37 06-Nov-94
- 星期日94 6月08日08:49:37
- 1994年11月6日
- 06-Nov-94
- Sun Nov 6 94 b $ b
- 1994.Nov.6
- Sun / Nov / 6/94 / GMT
- Sun,06 Nov 1994 08:49 :37 CET
- 06 11月1994 08:49:37 EST
- Sun,12 Sep 2004 15:05:58 -0700
- 星期六,11 9月2004 21:32:11 +0200
- 20040912 15:05:58 -0700
- 20040911 +0200
它们都不符合上述过期日期星期二,2012年4月17日15:03:24 GMT,因为所有带连字符的示例只使用2位数年。
由于限制,您的计算机上遇到问题
服务器将在未来的 Max-Age 中设置1334675004秒的Cookie。
Max-Age = 1334675004
$ b b
你在这里张贴了你的问题@ 2012-04-10 15:13:24Z。这是一个1334070804的UNIX时间戳。如果您添加1334675004,并且在整数往返时将32位整数限制为2147483647纳入考虑,您将得到:-1626221485:
1334070804
+ 1334675004
------------
-1626221485
如数字所示,看起来服务器误解了Max-Age属性,是一个大约7天的秒数(604200 =〜6.99天,差异是因为cookie设置早于你在这里张贴你的问题)。但是,Max-Age是秒的增量,而不是absolut的UNIX时间戳。
尝试使用你的方法提高 PHP_INT_MAX PHP版本,或编译64位,这应该防止负数。但是,max-age计算仍然与服务器断开。您可能需要联系pinterest.com并报告问题。
I'm trying to perfom a log-in on pinterest.com with curl. I got the following request-response-flow:
- GET-Request the login form and scrape hidden fields (csrftoken)
- POST-Request login credentials (mail and pw) and scraped csrftoken
- Receive Session Cookie for login
Using Curl, I can see the following Headers being sent and received:
GET /login/?next=%2F HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
Host: pinterest.com
Referer:
Accept: text/html,application/xhtml+xml,application/xml,*/*
Accept-Language: de-de,en-us
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Tue, 10 Apr 2012 15:03:24 GMT
ETag: "45d6a85f0ede46f13f4fc751842ce5b7"
Server: nginx/0.8.54
Set-Cookie: csrftoken=dec6cb66064f318790c6d51e3f3a9612; Max-Age=31449600; Path=/
Set-Cookie: _pinterest_sess="eJyryMwNcTXOdtI3zXcKNq0qznIxyXVxK/KqSsy3tY8vycxNtfUN8a3yc3E09nXxLPdztLVVK04tLs5MsfXNAopVpVf6VnlW+Qba2gIAuqgZIg=="; Domain=pinterest.com; HttpOnly; expires=Tue, 17-Apr-2012 15:03:24 GMT; Max-Age=1334675004; Path=/
Vary: Cookie, Accept-Encoding
Content-Length: 4496
Connection: keep-alive
So after step 1, the two cookies csrftoken and _pinterest_sess are set. But a look in the cookiejar file (I use CURLOPT_COOKIEFILE and CURLOPT_COOKIEJAR to let curl handle the cookie processing) shows the following:
# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.
pinterest.com FALSE / FALSE 1365519805 csrftoken dec6cb66064f318790c6d51e3f3a9612
#HttpOnly_.pinterest.com TRUE / FALSE -1626222087 _pinterest_sess "eJyryMwNcTXOdtI3zXcKNq0qznIxyXVxK/KqSsy3tY8vycxNtfUN8a3yc3E09nXxLPdztLVVK04tLs5MsfXNAopVpVf6VnlW+Qba2gIAuqgZIg=="
First thing to note is the #HttpOnly_ in preceding the _pinterest_sess cookie line. I just assume that curl handles that just fine. But looking further, one can see that a negative value is set as expiration date: -1626222087
I don't know where that's coming from, because the cookie is set with "expires=Tue, 17-Apr-2012 15:03:24 GMT" (which is about 7 days in the future, counting from today).
On the next request, the _pinterest_sess cookie won't be set by curl:
POST /login/?next=%2F HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
Host: pinterest.com
Referer: https://pinterest.com/login/?next=%2F
Cookie: csrftoken=dec6cb66064f318790c6d51e3f3a9612
Accept: text/html,application/xhtml+xml,application/xml,*/*
Accept-Language: de-de,en-us
Connection: keep-alive
Content-Length: 123
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 302 FOUND
Content-Type: text/html; charset=utf-8
Date: Tue, 10 Apr 2012 15:05:26 GMT
ETag: "d41d8cd98f00b204e9800998ecf8427e"
Location: http://pinterest.com/
Server: nginx/0.8.54
Set-Cookie: _pinterest_sess="eJzLcssPCy4NTclIjvAOrjQzyywoCChISgvLDi+2tY9PrSjILEottvUN8a3yc4k09gtxrfRLt7VVK04tLs5MAYonV/qGeFb4ZkWW+4LES4tTi+KBEv4u6UZ+WYEmvlm+QOxZ6R/iWOEbEmgLAKNfJps="; Domain=pinterest.com; HttpOnly; expires=Tue, 17-Apr-2012 15:05:26 GMT; Max-Age=1334675126; Path=/
Vary: Cookie
Content-Length: 0
Connection: keep-alive
In the response, another _pinterest_sess cookie is set since curl didn't send the last one.
Currently, I don't know if I'm doing something wrong or if curl just isn't able to parse the expires value in the cookie correctly.
Any help would be greatly appreciated :)
// edit One more thing: According to http://opensource.apple.com/source/curl/curl-57/curl/lib/cookie.c the function curl_getdate() is used to extract the date. The documentation on that function lists some examples (http://curl.haxx.se/libcurl/c/curl_getdate.html):
- Sun, 06 Nov 1994 08:49:37 GMT
- Sunday, 06-Nov-94 08:49:37 GMT
- Sun Nov 6 08:49:37 1994
- 06 Nov 1994 08:49:37 GMT
- 06-Nov-94 08:49:37 GMT
- Nov 6 08:49:37 1994
- 06 Nov 1994 08:49:37
- 06-Nov-94 08:49:37
- 1994 Nov 6 08:49:37 GMT
- 08:49:37 06-Nov-94
- Sunday 94 6 Nov 08:49:37
- 1994 Nov 6
- 06-Nov-94
- Sun Nov 6 94
- 1994.Nov.6
- Sun/Nov/6/94/GMT
- Sun, 06 Nov 1994 08:49:37 CET
- 06 Nov 1994 08:49:37 EST
- Sun, 12 Sep 2004 15:05:58 -0700
- Sat, 11 Sep 2004 21:32:11 +0200
- 20040912 15:05:58 -0700
- 20040911 +0200
None of them matches the above mentioned expires date "Tue, 17-Apr-2012 15:03:24 GMT" because all examples with hyphens only use 2-digit-years..
You are experiencing an issue on your computer because of the limits of 32 bit signed integer values.
The server sets a cookie with the Max-Age of 1334675004 seconds in the future.
Max-Age=1334675004
You posted your question here @ 2012-04-10 15:13:24Z. That is a UNIX timestamp of 1334070804. If you add 1334675004 to it and you take a 32 bit integer limit of 2147483647 into account while having an integer roundtrip, you'll get: -1626221485:
1334070804
+ 1334675004
------------
-1626221485
As the numbers show, it looks like that the server did misunderstood the Max-Age attribute, if you substract each values from each other there is a circa delta of 7 days in seconds (604200 = ~6.99 days, the difference is because the cookie was set earlier than you posted your question here). However Max-Age is the delta of seconds, not the absolut UNIX timestamp.
Try to raise PHP_INT_MAX with your PHP version, or compile against 64 bit, this should prevent negative numbers. However, the max-age calculation is still broken with the server. You might want to contact pinterest.com and report the problem.
这篇关于Curl无法正确识别cookie的到期值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
