问题
I have a login activity and I have to create a post request for my website to login the user into my mobile app. To create post requests on my website I need the csrf cookie as parameter, it means I have first to get the cookie from my URL and after create my post request with the csrf value.
Here is my code:
HttpClient client = new DefaultHttpClient();
HttpPost post = new HttpPost("http://192.168.178.163:8080/login/");
try {
List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(1);
nameValuePairs.add(new BasicNameValuePair("username", "xxx"));
nameValuePairs.add(new BasicNameValuePair("password", "yyy"));
//csrfmiddlewaretoken
String res = null;
post.setEntity(new UrlEncodedFormEntity(nameValuePairs));
HttpResponse response = client.execute(post);
res = response.toString();
res = res.replaceAll("\\s+","");
BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
String line = "";
while ((line = rd.readLine()) != null) {
Log.i("line", line);
//System.out.println(line);
if (line.startsWith("csrftoken=")) {
String key = line.substring(5);
Log.i("key", key);
}
}
}
catch (IOException e) {
txt_Error.setText(e.toString());
}
Any idea how to do it? I already read about CookieSyncManager but I didnt understand at all... Any idea or code sample will be aprreciate
回答1:
HttpClient client = new DefaultHttpClient();
HttpPost post = new HttpPost("http://192.168.178.163:8080/login/");
CookieStore cookieStore = new BasicCookieStore();
HttpContext context = new BasicHttpContext();
context.setAttribute(ClientContext.COOKIE_STORE, cookieStore);
...
HttpResponse response = client.execute(post, context);
List<Cookie> cookies = cookieStore.getCookies();
CookieMonster.eat(cookies); // :)
回答2:
First thing is to obtain the csrftoken, (as you mentioned in the question). AFAIK you also have to post the csrftoken as data in the post request and the backend will check/match against cookie and the post data.
For example for a django backend you would have to add something like:
nameValuePairs.add(new BasicNameValuePair("csrfmiddlewaretoken", "OBTAINED_TOKEN"));
If a get request from http://192.168.178.163:8080/login/ returns a form, you can check the source, it probably then contains a hidden field with the name/value of the token you need to send.
- So basically create a get request for
http://192.168.178.163:8080/login/ - Extract cookies as a string
- Use https://stackoverflow.com/a/15924948/1714030 to copy cookies
- Create your post request
Hope this helps
来源:https://stackoverflow.com/questions/25204423/android-how-to-get-a-cookie-from-url-via-httpclient