New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error login to Wordpress #99
Comments
I have only had a few minutes to look at this issue. I will give it more time when I have it to give. My initial conclusion is this, following your "output of the lib" above.
(Stepping through the code, there are actually several more redirects than what is being shown, at least in my WordPress test. Installing XAMPP and WordPress is not required. Any WordPress site appears to have the same issue.) I suspect that there are cookies involved that are not being set properly. That is, I suspect that step 2 is supposed to set a cookie indicating successful login before redirecting in step 3. At step 3, that cookie is not found by the server, so the server redirects back to the login page in step 4. IF this is the case, there are two options:
More research is needed, obviously. |
Confirmed. The Set-Cookie HTTP header is not being handled by SimpleBrowser in the first 302 redirect. I'm working on a fix. |
It seems Microsoft don't interrupt good the 'path=/wp...' if ((int)response.StatusCode == 302 || (int)response.StatusCode == 301 || (int)response.StatusCode == 307)
{
uri = new Uri(uri, response.Headers["Location"]);
handle301Or302Redirect = true;
Debug.WriteLine("Redirecting to: " + uri);
method = "GET";
postData = null;
userVariables = null;
foreach (string item in response.Headers)
{
if (item.ToLower() == "set-cookie")
{
var headers = response.Headers[item];
headers = headers.Replace(@"path=/wp-content/plugins;", @"path=/;").Replace(@"path=/wp-admin;", @"path=/;");
Cookies.SetCookies(uri, headers);
}
}
} |
BTW: I added the 307 redirect EDIT: headers = headers.Replace(@"path=/wp-content/plugins;", @"path=/;").Replace(@"path=/wp-admin;", @"path=/;"); It will throw a error |
Your solution is almost what I was going to do. I don't like the WordPress-specific code. I would have to find a way to work around that. What is throwing an error and what is the specific error? |
Out of curiosity, why did you add the 307 redirect? |
The free hosting do that redirect CookieContainer: line 397 MSG:
Inner Exception
Full error
|
In working on this issue, I found this comment in Browser.cs: /* IMPORTANT INFORMATION:
* HttpWebRequest has a bug where if a 302 redirect is encountered (such as from a Response.Redirect), any cookies
* generated during the request are ignored and discarded during the internal redirect process. The headers are in
* fact returned, but the normal process where the cookie headers are turned into Cookie objects in the cookie
* container is skipped, thus breaking the login processes of half the sites on the internet.
*
* The workaround is as follows:
* 1. Turn off AllowAutoRedirect so we can intercept the redirect and do things manually
* 2. Read the Set-Cookie headers from the response and manually insert them into the cookie container
* 3. Get the Location header and redirect to the location specified in the "Location" response header
*
* Worth noting that even if this bug has been solved in .Net 4 (I haven't checked) we should still use manual
* redirection so that we can properly log responses.
*
* OBSOLETE ISSUE: (Bug has been resolved in the .Net 4 framework, which this library is now targeted at)
* //CookieContainer also has a horrible bug relating to the specified cookie domain. Basically, if it contains
* //a cookie where the "domain" token is specified as ".domain.xxx" and you attempt to request http://domain.ext,
* //the cookies are not retrievable via that Uri, as you would expect them to be. CookieContainer is incorrectly
* //assuming that the leading dot is a prerequisite specifying that a subdomain is required as opposed to the
* //correct behaviour which would be to take it to mean that the domain and all subdomains are valid for the cookie.
* //http://channel9.msdn.com/forums/TechOff/260235-Bug-in-CookieContainer-where-do-I-report/?CommentID=397315
* //The workaround is as follows:
* //When retrieving the response, iterate through the Set-Cookie header and any cookie that explicitly sets
* //the domain token with a leading dot should also set the cookie without the leading dot.
*/ I think what your issue is a perfect example of what is described above, namely cookies not being saved on a 30* redirect. That said, I think your suggestion to read and set cookies if the set-cookie header exists when re-directing is a completely valid thing to do. It makes me wonder why someone chose to write a very long comment rather than what is turning out to be fewer lines of code than the comment to actually implement the work around in the library rather than giving lengthy instructions on how to work around the issue outside of the library. |
You can separate what described in the comment to 2 problems 1 - Already resolved at dot net here I think our problem is so dot.net don't know how to parse the path part of the cookie... |
I'm not testing on localhost. Rather, I'm accessing a live WordPress instance and attempting to log in. My tests involve a real host, request, and response.
I don't think the problem is .NET, but yes there is a problem parsing the cookie header into a CookieCollection. I am working on this now. I just wonder why this hasn't been addressed previously. |
If .NET Have a problem parsing a legit header = .NET problem. BTW: |
Yes. The solution presented in that article is essentially what I am about to check into my fork and put into a pull request in the main repository. |
I'd like for Axefrog and/or Teun to look over these changes before they are pulled into the project's master repository. While this fixes a problem, I would like confirmation that the fix is appropriate. I'm not clear if this fix is need or if .NET should be handling this case somehow. |
@kevingy I don't feel good, so sorry on the delay
|
The original changes have been merged into the project. I'll start working on some of these other issues. The first listed item is easy enough. Can you give me more information on 2-5. |
Item 2 has been addressed and will be available in my fork shortly. A pull request is also forthcoming. |
Issue #99. Added support for HTTP response codes 300, 303, 307, and 308....
@ghost, still with me? Can you give me more info on what you mean on items 3-5 in your list. It there a specific test case? If I don't hear back from you, I'm going to consider this issue resolved. Thanks! |
I'm going to close this issue. If it needs to be addressed further later, it can be re-opened. |
Steps to produce bug
This is the output of the lib
The text was updated successfully, but these errors were encountered: