sending session cookie with each subsequent HTTP request in MATLAB

9 次查看(过去 30 天)
I am trying to communicate to a RESTFul API using MATLAB. the API uses session cookie to remember the user. My MATALB is 2015b and as long as I know, it does not support the new HTTP Interface .
my problem is that using the webread and webwrite functions in MATLAB, the session cookie is not attached to the request and therefore each time server generates a new session.
I tried to use urlread2 to read the session cookie and generate a new one with the same content, for sending back to the server, but the session cookie is HTTPOnly and therefore my generated cookie is not valid for the server.
Can anyone help me with an idea or solution? does MATLAB 2016b forward the session cookie automatically (using HTTP interface)?
  2 个评论
Kirby Fears
Kirby Fears 2016-10-17
编辑:Kirby Fears 2016-10-17
Behzad,
Are you able to extract the "Set-Cookie" header despite this being an HTTPOnly cookie? As long as you can extract it, you should be able to send it back using the "Cookie" header.
The full cookie should look something like this:
'SessionId=123abc; path=/; HttpOnly'
I've sent cookies back successfully in Matlab 2015a using this syntax:
opts = weboptions('KeyName','Cookie','KeyValue',myCookie);
response = webread(addr2,opts);
Hope this helps. Sorry I don't have Matlab 2016b to test out the new HTTP API.
Bill Crum
Bill Crum 2016-10-18
I've just - this morning! - had some success with the following in MATLAB 2016b. I don't know if this works or not in earlier versions. Hope this is helpful but happy for a critique as I am a noob at this stuff.
% Set the first-time login credentials
obj.options = weboptions('Username', obj.username, 'Password', obj.password, 'RequestMethod', 'post');
% Get the JSESSIONID
% Note that /data/JSESSION is appropriate for XNAT but
% will likely be different for your application
obj.jsessionid = webread(strcat(obj.server, '/data/JSESSION'), obj.options);
% Set future authenticated login options
obj.loginoptions = weboptions('KeyName', 'cookie', 'KeyValue', ['JSESSIONID=', obj.jsessionid]);
...
% Time passes ...
% Read some data
rlist = webread(strcat(obj.server, restpath), obj.loginoptions);

请先登录,再进行评论。

采纳的回答

Behzad Abdollahi
Behzad Abdollahi 2016-10-20
编辑:Behzad Abdollahi 2016-10-20
with the help of the comments I was able to achieve the big part of what I was looking for.
first problem is to get the cookie info in MATLAB. versions earlier than 2016b are probably not able to do it, so I had to use urlread2 for it:
[output,extras] = urlread2('http://www.example.com/','GET');
cookie = extras.firstHeaders.Set_Cookie; % make sure to get the content of the right session cookie
now that we have the cookie, let's add it to the weboptions like this:
opts = weboptions('KeyName','Cookie','KeyValue',cookie);
and now simply every time that you use webread or webwrite , attach the opts to it:
response = webread('http://www.example.com/',opts);
But using this method, it is very easy to do XSS attacks on websites that use HTTPOnly cookies for session management! unlike all the web browsers, matlab allows you to edit or create HTTPOnly cookies! more info here

更多回答(0 个)

产品

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by