1

I have a login activity and I have to create a post request for my website to login the user into my mobile app. To create post requests on my website I need the csrf cookie as parameter, it means I have first to get the cookie from my URL and after create my post request with the csrf value.

Here is my code:

        HttpClient client = new DefaultHttpClient();

        HttpPost post = new HttpPost("http://192.168.178.163:8080/login/");

        try {

            List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(1);
            nameValuePairs.add(new BasicNameValuePair("username", "xxx"));
            nameValuePairs.add(new BasicNameValuePair("password", "yyy"));
            //csrfmiddlewaretoken
            String res = null;

            post.setEntity(new UrlEncodedFormEntity(nameValuePairs));
            HttpResponse response = client.execute(post);
            res = response.toString();
            res = res.replaceAll("\\s+","");
            BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));

            String line = "";
            while ((line = rd.readLine()) != null) {
                Log.i("line", line);
                //System.out.println(line);
                if (line.startsWith("csrftoken=")) {
                    String key = line.substring(5);
                    Log.i("key", key);
                }

            }
        }
        catch (IOException e) {
            txt_Error.setText(e.toString());
        }

Any idea how to do it? I already read about CookieSyncManager but I didnt understand at all... Any idea or code sample will be aprreciate

Lara
  • 2,170
  • 6
  • 22
  • 43
  • The cookies are in the header if the received page. Did you search this site for extracting those cookies? Press the cookies button and you will find. – greenapps Aug 08 '14 at 13:24
  • Thats exactly what I need and I didnt find :( – Lara Aug 08 '14 at 15:07
  • 1
    See this post, hope it helps: http://stackoverflow.com/questions/11100086/android-extracting-cookies-after-login-in-webview – QArea Aug 08 '14 at 18:22

2 Answers2

3
HttpClient client = new DefaultHttpClient();
HttpPost post = new HttpPost("http://192.168.178.163:8080/login/");
CookieStore cookieStore = new BasicCookieStore();
HttpContext context = new BasicHttpContext();
context.setAttribute(ClientContext.COOKIE_STORE, cookieStore);
...
HttpResponse response = client.execute(post, context);
List<Cookie> cookies = cookieStore.getCookies();
CookieMonster.eat(cookies); // :)
lance-java
  • 25,497
  • 4
  • 59
  • 101
  • Hi!! Thank you for the answer, funny the part of eating the cookies hahahaha.. :D ... Just one more question, I have to extract the cookie from my context and pass it as parameter with username and password, any idea? :) – Lara Aug 08 '14 at 13:48
  • 1
    Since csrf is used, you probably need to do a get request first to get hold of the token and cookie data and then use it in the post request. – Daniel Backman Aug 08 '14 at 15:32
1

First thing is to obtain the csrftoken, (as you mentioned in the question). AFAIK you also have to post the csrftoken as data in the post request and the backend will check/match against cookie and the post data.

For example for a django backend you would have to add something like:

nameValuePairs.add(new BasicNameValuePair("csrfmiddlewaretoken", "OBTAINED_TOKEN"));

If a get request from http://192.168.178.163:8080/login/ returns a form, you can check the source, it probably then contains a hidden field with the name/value of the token you need to send.

Hope this helps

Community
  • 1
  • 1
Daniel Backman
  • 5,121
  • 1
  • 32
  • 37