tags:

views:

106

answers:

1
Q: 

Problem with web screenshots requiring authentication.

I am making app that takes a screenshot of a URL requested by the user. I want to make it as transparent as possible when sites that require username and passwords are in question.

For instance, if user wants to screenshot its iGoogle page, he will send the server URL but, the screenshot will not be the same as what he sees on his screen.

Is there any way to do this ? I guess that in such cases I will have to actually request screenshot from the user. Perhaps user can even deliver me his cookie for that domain.

Any thoughts ?

Ty.

+1  A: 

Yes, in most cases you'll need user's cookies.

If site uses regular cookies, you can create bookmarklet that reads document.cookie. This will not work with httpOnly cookies which are used increasingly often for sessions.

Some sites limit sessions to certain IP, and in that case you can't take screenshot without proxying request through user's computer.

If you can get user to use bookmarlet, an interesting trick would be to read and send DOM to your server:

image.src = 'http://example.com?source=' +
            escape(document.documentElement.innerHTML);

For HTTP authentication easiest solution would be to ask user for login/password.

porneL  2009-05-17 19:54:02
Interesting. So, what of above you suggest as a most generall solution. The user can literally request anything to be screenshoted. The "interesting trick" is really interesting :) The problem is how to recognise such URLs that have a related cookie. If I can't recognise that, i can offer a user a choice, but not otherwise. So, in other words, there is no thing like "if site uses this or that". Site is random :)
majkinetor  2009-05-17 21:19:03
More about interesting trick... Are you totally sure it will produce exact thing on the servers browser ? I kinda like the trick a lot :) Its really great thinking man.
majkinetor  2009-05-17 21:20:58
It is _supposed_ to be exact, but of course reality, especially in IE, is different. IE might not show `<param>` elements or contents of inline `<script>` nodes.
porneL  2010-03-19 15:37:03

related questions

Web framework programming mindset
ASP.NET - asp:xxx Controls versus standard HTML
From Desktop to Web browser considerations
Which PHP Framework will get me to a usable UI the fastest?
Best practice for integrating TDD with web application development?
How to Manage Web Development?
When is a file just a file?
Recommendations for browser add-on tools to help with development
REALLY Simple Website--How Basic Can You Go?
Convince Firefox to send an If-Modified-Since header over HTTPS
What do the getUTC* methods on the date object do?
Planning and Building a mobile enabled site for your main site.
Firebug for IE
Javascript and PHP - Login Script with hidden buttons
Firebug won't display console feeds for some of my sites
Displaying ad content from Respose.WriteFile()/ Response.ContentType
How can I detect if a browser is blocking an popup?
How to Test Web Code?
What PHP framework would you choose for a new application and why?
How do you disable browser Autocomplete on web form field / input tag?
What is Progressive Enhancement?
In HTML, how to word-break on a dash?
The Definitive Guide To Website Authentication
How do you test layout design across multiple browsers/OSs?
How much of the Web build process do you/should you automate?