Questions on Cookies cURL and Digest Auth PHP

I have 2 pages: login.php and index.php

When writing localhost/mysite/login.php and writing a username and password in a form, a cURL request using CURLOPT_HTTPAUTH = CURLAUTH_DIGEST and CURLOPT_USERPWD = 'user:pass' will be passed to another file that will authenticate the user with those credentials using HTTP DIGEST AUTH, and will return 200 for success or 401 for wrong credentials.

If it gets a 200 code, login.php will redirect to index.php, which will make a cURL request too to that same digest file, but without CURLOPT_HTTPAUTH or CURLOPT_USERPWD. The idea is that, since I already did this on login.php, those digest credentials should be stored on the user's browser, but they aren't. So index.php will end up asking for credentials AGAIN; this is the problem.

Some people have recommended that I use CURLOPT_COOKIEFILE and CURLOPT_COOKIEJAR, but no one has explained to me how that works. I understand that CURLOPT_COOKIEFILE is for retrieving cookie info, and CURLOPT_COOKIEJAR is for saving it.

So the questions are these:

1) The route for that cookie file (ex. '/tmp/cookies.txt'), where is that? What exactly is /tmp/cookies.txt? In the same level as login.php? Or in C:/? Also, should I create this file beforehand, or is it created automatically?

2) Is that file on the server, or on the client? If on the server, how am I to know which cookie is from which user, so that Y user doesn't end up using X user's credentials to log in?

3) Also, when using those cookies options, what am I saving exactly? In the authentication page should I manually create a cookie to be stored on that file? if so, what cookie? I need to keep the Digest Auth Credentials, which I think is a header with nonce, cnonce, nc, username, response, etc... Not sure if this is actually the way around it.

Thanks in advance

asked Aug 24 '12 at 01:08

1. So all the cookie information gets stored in cookie.txt and cURL uses the info in that file to pretend to be a browser that has cookies. To avoid problems, create the file beforehand, but it should make it automatically. 2. It is stored on the server. To avoid other users logging in with others' credentials, clear the txt file when you're done browsing. That way it'll repopulate with the next user. 3. You don't need to do anything to the file, it's just a storage spot for cURL. You don't have to manually create the cookie, cURL gets the cookies and stores them in the file and uses them.

Thanks for your response, additional questions on your answers: 1) Where should I create this file on my hard drive? Ex. if my website is in C:wamp/www/mysyte/ (with login.php and index.php inside), and my cookie route is '/tmp/cookies.txt', WHERE do I place that file? 2) If I'm to clear the file every time, that would mean 2 users can't log in at the same time interval, which is not usable. 3) "cURL gets the cookies and stores them in the file and uses them": what cookies? Does digest auth create some cookies that I'm unaware of?

1. I'm not sure why you put tmp in front, but it should be in relation to the login.php file. So create tmp, and then put cookie.txt. 2. That's correct, if you want to have it so that multiple users can login, then perform some kind of check on the cookie file, and if there is content, create cookie1.txt and use that instead. 3. Think of cURL operating like a browser, instead of storing the cookies in memory it stores them in the text file. When the server asks cURL what cookies it has, it just sends over whatever is in that file. I don't think Digest Auth uses cookies, but I can't be sure.
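A sketch of the per-user cookie jar discussed in this thread, as an added example that is not part of the original question or comments. It assumes the digest-protected backend sets a cookie (via Set-Cookie) after a successful login, since Digest Auth itself stores nothing in the jar; `AUTH_URL`, `JAR_DIR`, `jar_path()` and `backend_request()` are hypothetical names.

```php
<?php
// Added example: one server-side cookie jar per PHP session, kept outside the web root.
const AUTH_URL = 'http://localhost/mysite/digest.php'; // assumed backend URL
define('JAR_DIR', sys_get_temp_dir() . '/curl_jars');  // assumed jar directory

function jar_path(string $sessionId): string
{
    // 0700 so only the web server account can read the stored cookies.
    if (!is_dir(JAR_DIR) && !mkdir(JAR_DIR, 0700, true) && !is_dir(JAR_DIR)) {
        throw new RuntimeException('cannot create jar directory');
    }
    // Hash the session id so the file name never contains client-supplied characters.
    return JAR_DIR . '/' . hash('sha256', $sessionId) . '.txt';
}

function backend_request(string $jar, ?string $userpwd = null): int
{
    $ch = curl_init(AUTH_URL);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_COOKIEFILE     => $jar, // cookies read from here and sent with the request
        CURLOPT_COOKIEJAR      => $jar, // cookies written here when the handle is released
    ]);
    if ($userpwd !== null) {            // only the login request carries credentials
        curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
        curl_setopt($ch, CURLOPT_USERPWD, $userpwd);
    }
    curl_exec($ch);
    $status = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    unset($ch);                         // PHP 8 flushes the jar when the handle is freed
    return $status;
}

session_start();
if (isset($_POST['user'], $_POST['pass'])) {   // login.php branch
    session_regenerate_id(true);               // new session id, so a new jar, per login
    $jar = jar_path(session_id());
    if (backend_request($jar, $_POST['user'] . ':' . $_POST['pass']) === 200) {
        header('Location: index.php');
        exit;
    }
    if (is_file($jar)) {
        unlink($jar);                          // keep nothing from a failed login
    }
    http_response_code(401);
} else {                                       // index.php branch: cookies only
    $status = backend_request(jar_path(session_id()));
}
```

The jar lives on the server, and the browser only ever holds the PHP session cookie that selects it, so two users logged in at the same time never share a file.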

0 Answers
