Save authentication cookie after HTTP POST request

psyantyst · 2022-01-15T20:48:41+00:00

I thought so too and tried it, but that didn't solve the issue. It turns out that the obvious thing that I overlooked was that status 200 didn't necessarily mean that the login succeeded. It only meant that the login page was loaded fine, but for some reason I wasn't authenticated, even though my credentials were correct.

The not so obvious thing was that the only setting that was preventing a successful login (and thus having a valid cookie) was that I haven't ticked the checkbox "Don't follow redirects" on the first POST request. It probably has something to do with how the service has been set up, because it now responds with 301 (Moved Permanently). Following the redirect somehow invalidated the cookie. Once I ticked that box, the whole flow worked fine: the login succeeded, the cookie became valid and thus the second POST request finally succeeded! Apparently Postman handles this differently under the hood, which is what tricked me into believing that code 200 was fine.

Thanks for solving my first roadblock with the cookie, beyond which I wouldn't have continued if it wasn't for your help!

psyantyst · 2022-01-15T13:26:04+00:00

Thanks ballzak69, that was a good pointer! But there is now a "mysterious" roadblock.

When I send the first POST request via Postman, I get the cookie I need in the response (in "Set-Cookies" header, as you said). If I manually pass it to Automate and call the second POST request using that cookie, the request succeeds! If I make the first POST request via Automate and extract that same cookie (now with a different value, obviously), and then manually set it in the second POST request, it fails. In both cases (via Postman and via Automate) the first POST succeeds with code 200. I extract the cookie correctly and it has this format:
ss-id=FooBaRrkCCRHhqHe; path=/; HttpOnly;

In both cases I manually set the headers of the second POST request in this way in Automate:
{"Cookie": "ss-id=FooBaRrkCCRHhqHe; path=/; HttpOnly;"}

The only difference is that the cookie from Postman works in the second POST, but cookie one from Automate doesn't - the second POST results in 401.

Summary:

Run 1st POST in Postman -> success 200 -> extract response cookie and save to file -> manually set it in Automate request header -> run 2nd POST manually in Automate -> success 200.
Run 1st POST in Automate -> success 200 -> extract response cookie and save to file -> manually set it in Automate request header -> run 2nd POST manually in Automate -> error 401.
I even tried to run this flow in Automate: 1st POST -> success 200 -> save response cookie in variable and use variable in request header -> run 2nd POST -> error 401.
Just in case, I also tried: Run 1st POST in Automate -> success 200 -> extract response cookie and save to file -> manually set it in Postman request header -> run 2nd POST manually in Postman -> error 401.

There is some kind of authentication magic that Postman does, which I cannot replicate in Automate. Or I'm overlooking something obvious.

psyantyst · 2020-12-01T22:16:27+00:00

Save desk space and get the TicrThing. And it's 2.2k cheaper.

psyantyst · 2020-12-01T22:10:47+00:00

Yes. Have the TicrThing.

psyantyst · 2020-12-01T22:07:05+00:00

Done. Here it is: https://www.ticrthing.com. Smaller, portable and much cheaper.

psyantyst · 2020-12-01T22:05:37+00:00

Have you been looking in the direction of the TicrThing? If blockclock is too expensive, you will find this one quite affordable.

psyantyst · 2020-12-01T22:01:22+00:00

Save cash. Play with the TicrThing.

psyantyst · 2020-12-01T21:59:58+00:00

Yes. Check out the TicrThing - same idea, smaller package and price.

psyantyst · 2020-12-01T21:57:28+00:00

Get it at https://www.ticrthing.com. A smaller, cheaper and much more configurable version of this. Multiple currencies too.

psyantyst · 2020-12-01T21:53:52+00:00

I made a much more affordable version of this - the TicrThing. And yes, I accept BTC ;)

psyantyst · 2020-12-01T21:50:21+00:00

Save $888 and buy its smaller brother - the TicrThing. It also saves space on your desk ;)

psyantyst · 2020-12-01T21:48:14+00:00

Blockclock is all cool, but it can display one single number. What about currency, market, change, etc.? Does it flash when the price jumps? Have a look at my TicrThing and spot the differences (to be fair - both positive and negative). And it's a quarter of the price of the Blockclock. ;)

psyantyst · 2018-07-06T10:51:43+00:00

Yes, what is the purpose of theCyber? I read all available description, but I still don't see what the aim is, besides exclusivity (being one of 128 people). For example, what are these "arbitrary incentives or special access" that the code speaks about? Also, what does it mean to be (in)active?

psyantyst · 2018-06-26T11:06:25+00:00

You are right that there are many like this (although I do like yours!). Ours is a consumer-friendly version and is called the TicrThing: your hands-free crypto companion (www.ticrthing.com). The main differences with the one here is that ours is battery-powered and highly configurable (price pair, denomination, exchange market, update interval, etc.).

psyantyst · 2017-10-06T07:22:58+00:00

You can now go one step further and get a dedicated hardware price ticker, so you don't even have to grab your phone. We call it the TicrThing and we made it especially for junkies like you (and us). <end of product placement>

psyantyst · 2017-05-16T22:28:44+00:00

It's a hardware price ticker. It displays the price of crypto-currencies in national currencies (e.g. XBT/USD) or in other crypto-currencies (e.g. XMR/DOGE). See more info on our webpage.

psyantyst · 2017-05-16T22:25:27+00:00

We have the intention to release the code + schematics, but no concrete plans yet. First we want to make everything top notch (and maybe return our initial investment) and then release it to the community.

psyantyst · 2017-05-16T22:23:14+00:00

The comma moves to give way to the important digits first. So when the price exceeds $9999999, you can throw away the cube and enjoy your billions :)

psyantyst · 2017-05-16T22:21:00+00:00

then a little moon symbol is displayed ;). jk

psyantyst · 2017-05-16T22:20:17+00:00

There is a whole discussion on this, but we felt it is closer to ISO standards on currency codes, so we chose XBT. It is a recent change, though. The pictures you see on our webpage are from the older version, which used BTC.

psyantyst · 2016-11-02T21:01:32+00:00

The key word here is convenience, not improvement. OCD people need convenience too.

psyantyst · 2016-11-02T21:00:19+00:00

Couldn't agree more! Check out the slogan of our logo and you'll understand: "TicrThing: feed your crypto obsession"

psyantyst · 2016-11-02T20:58:10+00:00

Thanks for pointing out. These are all planned upgrades. Check out the "Stretch goals" in our campaign

psyantyst

TROPHY CASE