# Web Client

In [1]:
import requests

import pprint

# Lab: Stateful Web API Server With Client Calls Using Python

## First look at the Google cookies; NID is the Google name for SID and it is used to track users for months

In [2]:
r = requests.get("https://google.com")

In [3]:
r.status_code

200

In [4]:
r.headers

{'Date': 'Tue, 25 Mar 2025 21:10:19 GMT', 'Expires': '-1', 'Cache-Control': 'private, max-age=0', 'Content-Type': 'text/html; charset=ISO-8859-1', 'Content-Security-Policy-Report-Only': "object-src 'none';base-uri 'self';script-src 'nonce-6Us289btSlrJ_ybx64nUgg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp", 'Accept-CH': 'Sec-CH-Prefers-Color-Scheme', 'P3P': 'CP="This is not a P3P policy! See g.co/p3phelp for more info."', 'Content-Encoding': 'gzip', 'Server': 'gws', 'X-XSS-Protection': '0', 'X-Frame-Options': 'SAMEORIGIN', 'Set-Cookie': 'AEC=AVcja2f925KWibKFQ6wT7zl-jh33aJebkUIZ4wctTndLpv_EWnJJIbhi8Q; expires=Sun, 21-Sep-2025 21:10:19 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax, NID=522=3pCillMh6vCaSj0hwpjrQnet0PU-UhMaWxqjrApVLSBm43b6-sL9Ib3pORyEn2k3LYzXfbnyk3l-JmeTygHuwqE4rrHL4bX6aJL_mYVBpvdbI8HFra2dlOZeSiahNkbv-R6-PIwP3vmXg_65Daenq7Tf5u9yEjI4ONrfeYwLrD4-LpU23BbYoeUllkpUH0KRUAkq0s

In [5]:
pprint.pprint(dict(r.headers))

{'Accept-CH': 'Sec-CH-Prefers-Color-Scheme',
 'Alt-Svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000',
 'Cache-Control': 'private, max-age=0',
 'Content-Encoding': 'gzip',
 'Content-Security-Policy-Report-Only': "object-src 'none';base-uri "
                                        "'self';script-src "
                                        "'nonce-6Us289btSlrJ_ybx64nUgg' "
                                        "'strict-dynamic' 'report-sample' "
                                        "'unsafe-eval' 'unsafe-inline' https: "
                                        'http:;report-uri '
                                        'https://csp.withgoogle.com/csp/gws/other-hp',
 'Content-Type': 'text/html; charset=ISO-8859-1',
 'Date': 'Tue, 25 Mar 2025 21:10:19 GMT',
 'Expires': '-1',
 'P3P': 'CP="This is not a P3P policy! See g.co/p3phelp for more info."',
 'Server': 'gws',
 'Set-Cookie': 'AEC=AVcja2f925KWibKFQ6wT7zl-jh33aJebkUIZ4wctTndLpv_EWnJJIbhi8Q; '
               'expires=Sun, 21-

In [6]:
r.cookies

<RequestsCookieJar[Cookie(version=0, name='AEC', value='AVcja2f925KWibKFQ6wT7zl-jh33aJebkUIZ4wctTndLpv_EWnJJIbhi8Q', port=None, port_specified=False, domain='.google.com', domain_specified=True, domain_initial_dot=True, path='/', path_specified=True, secure=True, expires=1758489019, discard=False, comment=None, comment_url=None, rest={'HttpOnly': None, 'SameSite': 'lax'}, rfc2109=False), Cookie(version=0, name='NID', value='522=3pCillMh6vCaSj0hwpjrQnet0PU-UhMaWxqjrApVLSBm43b6-sL9Ib3pORyEn2k3LYzXfbnyk3l-JmeTygHuwqE4rrHL4bX6aJL_mYVBpvdbI8HFra2dlOZeSiahNkbv-R6-PIwP3vmXg_65Daenq7Tf5u9yEjI4ONrfeYwLrD4-LpU23BbYoeUllkpUH0KRUAkq0sV6KGcR3jIXn5smT0c', port=None, port_specified=False, domain='.google.com', domain_specified=True, domain_initial_dot=True, path='/', path_specified=True, secure=False, expires=1758748219, discard=False, comment=None, comment_url=None, rest={'HttpOnly': None}, rfc2109=False)]>

In [7]:
for cookie in r.cookies:
    print(cookie)

<Cookie AEC=AVcja2f925KWibKFQ6wT7zl-jh33aJebkUIZ4wctTndLpv_EWnJJIbhi8Q for .google.com/>
<Cookie NID=522=3pCillMh6vCaSj0hwpjrQnet0PU-UhMaWxqjrApVLSBm43b6-sL9Ib3pORyEn2k3LYzXfbnyk3l-JmeTygHuwqE4rrHL4bX6aJL_mYVBpvdbI8HFra2dlOZeSiahNkbv-R6-PIwP3vmXg_65Daenq7Tf5u9yEjI4ONrfeYwLrD4-LpU23BbYoeUllkpUH0KRUAkq0sV6KGcR3jIXn5smT0c for .google.com/>


In [8]:
r.cookies["NID"]

'522=3pCillMh6vCaSj0hwpjrQnet0PU-UhMaWxqjrApVLSBm43b6-sL9Ib3pORyEn2k3LYzXfbnyk3l-JmeTygHuwqE4rrHL4bX6aJL_mYVBpvdbI8HFra2dlOZeSiahNkbv-R6-PIwP3vmXg_65Daenq7Tf5u9yEjI4ONrfeYwLrD4-LpU23BbYoeUllkpUH0KRUAkq0sV6KGcR3jIXn5smT0c'

## Look at the SID cookie set by our web server

In [9]:
r = requests.get("https://localhost", verify=False)



In [10]:
r.status_code

200

In [11]:
r.headers

{'Content-Type': 'text/html; charset=utf-8', 'Content-Length': '130', 'Set-Cookie': 'SID=d86fd9ee67e14cc59228288450cf1f6f47a94cbfa7a8ddaa70df26a8dc1ceec0; Path=/', 'Server': 'Werkzeug/2.0.2 Python/3.9.7', 'Date': 'Tue, 25 Mar 2025 21:12:32 GMT'}

In [12]:
pprint.pprint(dict(r.headers))

{'Content-Length': '130',
 'Content-Type': 'text/html; charset=utf-8',
 'Date': 'Tue, 25 Mar 2025 21:12:32 GMT',
 'Server': 'Werkzeug/2.0.2 Python/3.9.7',
 'Set-Cookie': 'SID=d86fd9ee67e14cc59228288450cf1f6f47a94cbfa7a8ddaa70df26a8dc1ceec0; '
               'Path=/'}


In [13]:
r.cookies

<RequestsCookieJar[Cookie(version=0, name='SID', value='d86fd9ee67e14cc59228288450cf1f6f47a94cbfa7a8ddaa70df26a8dc1ceec0', port=None, port_specified=False, domain='localhost.local', domain_specified=False, domain_initial_dot=False, path='/', path_specified=True, secure=False, expires=None, discard=True, comment=None, comment_url=None, rest={}, rfc2109=False)]>

In [14]:
for cookie in r.cookies:
    print(cookie)

<Cookie SID=d86fd9ee67e14cc59228288450cf1f6f47a94cbfa7a8ddaa70df26a8dc1ceec0 for localhost.local/>


In [15]:
r.cookies["SID"]

'd86fd9ee67e14cc59228288450cf1f6f47a94cbfa7a8ddaa70df26a8dc1ceec0'

In [16]:
r.text

'SID cookie does not exist, creating the cookie, and setting it to d86fd9ee67e14cc59228288450cf1f6f47a94cbfa7a8ddaa70df26a8dc1ceec0'

## Send the SID cookie we just recieved back to the web server on a subsequent request

In [17]:
cookies = {"SID": r.cookies["SID"]}
cookies

{'SID': 'd86fd9ee67e14cc59228288450cf1f6f47a94cbfa7a8ddaa70df26a8dc1ceec0'}

In [18]:
r = requests.get("https://localhost", verify=False, cookies=cookies)



In [19]:
r.status_code

200

In [20]:
r.headers

{'Content-Type': 'text/html; charset=utf-8', 'Content-Length': '100', 'Server': 'Werkzeug/2.0.2 Python/3.9.7', 'Date': 'Tue, 25 Mar 2025 21:14:37 GMT'}

In [21]:
pprint.pprint(dict(r.headers))

{'Content-Length': '100',
 'Content-Type': 'text/html; charset=utf-8',
 'Date': 'Tue, 25 Mar 2025 21:14:37 GMT',
 'Server': 'Werkzeug/2.0.2 Python/3.9.7'}


In [22]:
r.cookies

<RequestsCookieJar[]>

In [23]:
r.text

"SID cookie exists and it's value is d86fd9ee67e14cc59228288450cf1f6f47a94cbfa7a8ddaa70df26a8dc1ceec0"

## Previously, we received and sent the cookie back manually; requests module has a Session() method that will store cookies received from the web server and send them on subsequent requests 

In [24]:
session = requests.Session()

In [25]:
r = session.get("https://localhost", verify=False)



In [26]:
r.status_code

200

In [27]:
r.text

'SID cookie does not exist, creating the cookie, and setting it to b0273a3925a454c5bc797fd18e2acc0a1da0e2803cae90df29380d141c7a93af'

In [28]:
r.cookies

<RequestsCookieJar[Cookie(version=0, name='SID', value='b0273a3925a454c5bc797fd18e2acc0a1da0e2803cae90df29380d141c7a93af', port=None, port_specified=False, domain='localhost.local', domain_specified=False, domain_initial_dot=False, path='/', path_specified=True, secure=False, expires=None, discard=True, comment=None, comment_url=None, rest={}, rfc2109=False)]>

In [29]:
r = session.get("https://localhost", verify=False)



In [30]:
r.status_code

200

In [31]:
r.text

"SID cookie exists and it's value is b0273a3925a454c5bc797fd18e2acc0a1da0e2803cae90df29380d141c7a93af"

## Using the server with login, logout, and get products implemented 

## Login

In [32]:
login_json = {"username": "user_3",
              "password": "password_3"}

In [33]:
r = requests.post("https://localhost/api/login", verify=False, data=login_json)



In [34]:
r.status_code

200

In [35]:
r.json()

{'status': 'success',
 'sid': '68e5b33fa9afcfc02914e631c75db1f30356042d7c39fc187f003e853e82cf10'}

## Get products

In [36]:
sid_json = {"sid": r.json()["sid"]}

In [37]:
r = requests.post("https://localhost/api/products", verify=False, data=sid_json)



In [38]:
r.status_code

200

In [39]:
r.json()

{'status': 'success',
 'products': [{'product_id': '1',
   'product_name': 'Pistachio Salmon',
   'quantity': '1,828,778',
   'total_sales': '21,945,336'},
  {'product_id': '2',
   'product_name': 'Teriyaki Chicken',
   'quantity': '1,145,013',
   'total_sales': '13,740,156'},
  {'product_id': '3',
   'product_name': 'Spinach Orzo',
   'quantity': '456,769',
   'total_sales': '5,481,228'},
  {'product_id': '4',
   'product_name': 'Eggplant Lasagna',
   'quantity': '1,599,058',
   'total_sales': '19,188,696'},
  {'product_id': '5',
   'product_name': 'Chicken Salad',
   'quantity': '228,561',
   'total_sales': '2,742,732'},
  {'product_id': '6',
   'product_name': 'Curry Chicken',
   'quantity': '1,368,884',
   'total_sales': '16,426,608'},
  {'product_id': '7',
   'product_name': 'Tilapia Piccata',
   'quantity': '687,237',
   'total_sales': '8,246,844'},
  {'product_id': '8',
   'product_name': 'Brocolli Stir Fry',
   'quantity': '913,984',
   'total_sales': '10,967,808'}]}

## Logout

In [40]:
r = requests.post("https://localhost/api/logout", verify=False, data=sid_json)



In [41]:
r.status_code

200

In [42]:
r.json()

{'status': 'success'}

## We are not logged in; try to get the products

In [43]:
r = requests.post("https://localhost/api/products", verify=False, data=sid_json)



In [44]:
r.status_code

200

In [45]:
r.json()

{'status': 'fail', 'description': 'not logged in'}

## Try to login with a bad username and password

In [46]:
login_json = {"username": "user_3",
              "password": "not the password"}

In [47]:
r = requests.post("https://localhost/api/login", verify=False, data=login_json)



In [48]:
r.status_code

200

In [49]:
r.json()

{'status': 'fail', 'description': 'invalid username and/or password'}

## Try to logout when we are not logged in

In [50]:
r = requests.post("https://localhost/api/logout", verify=False, data=sid_json)



In [51]:
r.status_code

200

In [52]:
r.json()

{'status': 'fail', 'description': 'not logged in'}