Curl doesn't recognize expires value in cookie correctly

梦毁少年i 2021-01-19 10:33

I'm trying to perform a log-in on pinterest.com with curl. I got the following request-response-flow:

  1. GET-Request the login form and scrape hidden fields (csr
3 answers
  • 2021-01-19 11:07

    Actually, you do not need to contact the pinterest site, since it is not required to send the cookie max age back to the server (if you will use the cookie for a short period of time, or you may calculate the correct max age yourself). Just flip the minus sign and it will work, meaning it will be sent back to the server. And that is not all you have to do. Sometimes, depending on the login page presented, you also have to parse hidden fields (where CSRF tokens reside, and which have to match the same token value in the cookie). Moreover, it will sometimes be required to change cookies (reset cookie values). So the pinterest web site is making it harder and harder to log in using automated login tools and to do screen scraping. And recently they have changed how their site functions, so all the above-mentioned points do not work now. Actually, you do not really know when they will change how login works. You have to try and "guess" when a change happens. Actually, that attitude should be directed not towards developers but towards the ones who are threats to the security of the system (intruders). You have to think about the legality of the above-mentioned points too. Pinterest has an API (although it is down right now), so the best and most correct way is to use that API (please see https://github.com/kellan/pinterest.api.php). There you are exchanging messages in a JSON format. The last option is to use m.pinterest.com, which is for mobile devices and is straightforward to use: parse one login HTML page for hidden input fields and resubmit the form with correct values (in using it you are again faced with legality issues too). Please consult with the pinterest site before using curl-like tools, or wait until the pinterest API is up. Yes, there are some improvements in the system, like getting JSON responses, which puts an end to screen scraping, but that does not mean a completely new API. Also, right now they have (seemingly) implemented web services, RESTful, API and taking AJAX requests, which are again steps towards positive improvement.
    There are many discussions going on on the net on this matter, so please refer to them for detailed info.

  • 2021-01-19 11:08

    You are experiencing an issue on your computer because of the limits of 32 bit signed integer values.

    The server sets a cookie with the Max-Age of 1334675004 seconds in the future.

    Max-Age=1334675004
    

    You posted your question here @ 2012-04-10 15:13:24Z. That is a UNIX timestamp of 1334070804. If you add 1334675004 to it and you take a 32 bit integer limit of 2147483647 into account while having an integer roundtrip, you'll get: -1626221485:

      1334070804
    + 1334675004
    ------------
     -1626221485
    

    As the numbers show, it looks like the server misunderstood the Max-Age attribute: if you subtract the values from each other, there is a delta of circa 7 days in seconds (604200 = ~6.99 days; the difference is because the cookie was set earlier than you posted your question here). However, Max-Age is the delta in seconds, not the absolute UNIX timestamp.

    Try to raise PHP_INT_MAX with your PHP version, or compile against 64 bit, this should prevent negative numbers. However, the max-age calculation is still broken with the server. You might want to contact pinterest.com and report the problem.

  • 2021-01-19 11:18

    Looks like pinterest.com is using Max-age incorrectly, and that's why curl is deleting this cookie.

    From your example, Max-age contains the timestamp for Tue, 17-Apr-2012 15:03:24 GMT, while it should contain the number of seconds from the request time to this date - 604800 (judging from the request time - Date header).

    What curl is doing is adding the Max-age value to the current timestamp and saving it as a signed 32-bit integer, hence -1626222087.

    As for a solution - you can try contacting pinterest and reporting a bug.

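The wraparound that the second and third answers describe, next to a 64-bit saturating calculation, as an added example in C that is not from the thread or from curl's source. The request time 1334070205 is an assumption (one second after the Date header the third answer infers), and the function names and the absolute-timestamp heuristic are hypothetical.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Models a cookie store that keeps now + Max-Age in a signed 32-bit field.
   The sum is reduced modulo 2^32 explicitly so the behaviour is defined. */
int32_t expiry_wrapped32(int64_t now, int64_t max_age)
{
    int64_t v = (int64_t)(uint32_t)((uint64_t)now + (uint64_t)max_age);
    if (v > INT32_MAX)
        v -= 4294967296LL;          /* reinterpret the low 32 bits as signed */
    return (int32_t)v;
}

/* 64-bit expiry with saturation. Per RFC 6265 section 5.2.2, Max-Age <= 0
   maps to the earliest representable time, i.e. the cookie is expired. */
int64_t expiry_saturating(int64_t now, int64_t max_age)
{
    if (max_age <= 0)
        return INT64_MIN;
    if (now > 0 && max_age > INT64_MAX - now)
        return INT64_MAX;           /* clamp instead of wrapping negative */
    return now + max_age;
}

/* Heuristic (an assumption, not from the page): a Max-Age within one year
   of the current epoch time is probably an absolute timestamp sent in error. */
int looks_like_absolute_timestamp(int64_t now, int64_t max_age)
{
    const int64_t year = 366LL * 24 * 60 * 60;
    if (now <= 0 || max_age <= 0)
        return 0;
    int64_t diff = max_age > now ? max_age - now : now - max_age;
    return diff < year;
}

int main(void)
{
    const int64_t now = 1334070205;      /* assumed request time (see lead-in) */
    const int64_t max_age = 1334675004;  /* Max-Age value quoted on the page */

    printf("32-bit wrapped expiry : %" PRId32 "\n", expiry_wrapped32(now, max_age));
    printf("64-bit saturated      : %" PRId64 "\n", expiry_saturating(now, max_age));
    printf("absolute-looking value: %d\n", looks_like_absolute_timestamp(now, max_age));
    printf("intended 604800 delta : %" PRId64 "\n", expiry_saturating(now, 604800));
    return 0;
}
```

A negative stored expiry reads as already in the past, which is why the cookie is dropped before the next request.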