Hi, I'm using cURL and PHP to query an Exchange server that has Forms Based Authentication turned on. Due to FBA being on, I need to collect a user's cookie authentication ids first. Yesterday everything was working; then something changed overnight and it stopped working. I noticed that the cookie ids I was getting back were different (not the ids themselves, because they change with every new call; rather, the format and other things changed).

I used to see this:

# Netscape HTTP Cookie File
# http://www.netscape.com/newsref/std/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.

sdgh.utest.edu  FALSE / FALSE 0 sessionid aeddf34c-16fe-4126-8c96-da7a33d244b9
sdgh.utest.edu  FALSE / TRUE 0 cadata "0x0zHQHA3o8Vcu/DK/MWp69xkkZAJkIMts3HrOeHc4a71GN0CbqnDLiadJfKfSsseiyyxkyyUhRQ="

And now I see this (notice the url on the second line and the "#HttpOnly_" in front of the 2nd id):

# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.

sdgh.utest.edu  FALSE / FALSE 0 sessionid 11358a02-233c-4425-8a83-6b8b69b21bcd
#HttpOnly_sdgh.utest.edu    FALSE / TRUE 0 cadata "0FHKgxeq7st0DW57zl5HDgZ5gp7eRDqgfG6iAyxSf4TvyJI5aZI5wmPeiEHFloGo2bvH0fpnl52c="

Can anyone tell me what this sudden change indicates?
Did something change on my web server?
Could it be the exchange server that I'm querying?
Did someone update cURL on me behind my back overnight?
Also, I do not have automatic updates happening on my web server.

Does anyone think this even implies that cURL was updated? I didn't update it as far as I can tell. When/why does cURL or libcurl switch from http://www.netscape.com/newsref/std/cookie_spec.html to this: http://curl.haxx.se/rfc/cookie_spec.html

Thanks for the help!

A: 

Do you have automatic updates enabled?

Maurice Perry
Not on my web server.
Chain
More clearly: no, I do not have automatic updates enabled on my web server. Theoretically something could have changed with the Exchange server since I don't control it.
Chain
A change to curl seems more likely to me: why would an exchange server send the URL: http://curl.haxx.se/rfc/cookie_spec.html ?
Maurice Perry
Thanks Maurice, that helps a little. I'm hoping someone can tell me when cURL might have switched from the netscape url to the haxx.se url then, if it's true that cURL outputs that url. If I can find that out then I can track my problem down.
Chain
A: 

Just to make things clearer: something changed in the way that the cookie is being stored. If you saw your collected cookie data go from http://www.netscape.com/newsref/std/cookie_spec.html to this: http://curl.haxx.se/rfc/cookie_spec.html (and also, the "#HttpOnly_" part in front of the second cookie ID)...

Would you think that there's any chance that a change on the exchange server could have caused it... Or would you think that it was 100% likely that it was your own web server that changed?



I searched all around the internet and haven't found any more info. Does anybody suspect that cURL stopped using the "netscape" url at a certain version number?

I'm flat out confused as to how this switched on me. Any additional thoughts would help at this point.

Thanks.

Chain
+1  A: 

OK, here is an explanation for the #HttpOnly_ prefix: http://blog.php-security.org/archives/40-httpOnly-Cookies-in-Firefox-2.0.html

My understanding of the issue is that curl or libcurl was updated and that as a result, the server now sees it as a user-agent capable of dealing with #HttpOnly_ cookies.

Maurice Perry
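
An added example, not part of the original thread: a Python parser for the cookie jar layout shown in the question that treats the `#HttpOnly_` prefix as a cookie flag instead of a comment marker, next to a naive reader that drops every `#` line and so loses the `cadata` cookie. The host name and cookie values in the sample are constructed, and the function names are hypothetical.

```python
from dataclasses import dataclass

HTTPONLY_PREFIX = "#HttpOnly_"

# Constructed sample in the layout of the question's second listing
# (seven tab-separated fields; host and values are made up).
SAMPLE_JAR = (
    "# Netscape HTTP Cookie File\n"
    "# This file was generated by libcurl! Edit at your own risk.\n"
    "\n"
    "mail.example.test\tFALSE\t/\tFALSE\t0\tsessionid\t11111111-2222-3333-4444-555555555555\n"
    "#HttpOnly_mail.example.test\tFALSE\t/\tTRUE\t0\tcadata\t\"Y29uc3RydWN0ZWQ=\"\n"
)


@dataclass
class Cookie:
    domain: str
    include_subdomains: bool
    path: str
    secure: bool
    expires: int  # 0 means a session cookie
    name: str
    value: str
    http_only: bool


def parse_cookie_jar(text):
    """Parse a Netscape-format cookie jar, keeping #HttpOnly_ entries."""
    cookies = []
    for line in text.splitlines():
        http_only = line.startswith(HTTPONLY_PREFIX)
        if http_only:
            line = line[len(HTTPONLY_PREFIX):]  # a real cookie, not a comment
        elif not line.strip() or line.startswith("#"):
            continue  # blank line or genuine comment
        fields = line.split("\t")
        if len(fields) != 7 or not fields[4].isdigit():
            continue  # malformed entry, skip it
        domain, subdomains, path, secure, expires, name, value = fields
        cookies.append(Cookie(domain, subdomains == "TRUE", path,
                              secure == "TRUE", int(expires), name, value,
                              http_only))
    return cookies


def naive_names(text):
    """Cookie names seen by a reader that discards every line starting with '#'."""
    return [line.split("\t")[5] for line in text.splitlines()
            if line.strip() and not line.startswith("#")]
```

Code that reads the jar file by hand and then builds its own `Cookie:` header needs the first behaviour; with the second, the authentication cookie is silently missing from follow-up requests.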