method to authenticate via a php script on my server

Question

I am using a new service to pull xml data from a server.

The service provides two methods of logging in, one via a url query:

http://&lt;server&gt;/login.asp?username=&lt;User Name>&password=<Password>

and the server returns a cookie valid for 7 days. This means instead of logging in for every query (and making my script less efficient), I only need to login once a week.

I have just realised that I can't do this since the script is not run from a web browser but from a cron script on the server. Is there a way to store cookies on my server, or do I have to go for the second method:

Token

The token is the username, passwork and usergroup encrypted using the DES algorithm with a key and a timestamp. The token can be generated by any application using the DES algorithm with the appropriate key or the secure call below can be used: the token is contained in the body of the returned page and is valid for one hour

I know nothing of this method. Can you point me in the right direction? Thanks.

Ed

Answer 1

If you have access to the actual login script, you could instead always include some sort of unique id only you know..

Even better would be to use some HMAC-(MD5/SHA1) scheme like OpenAuth does. If you're lazy, just include something like '?key=somethingonlyyouknow' to every url you access, bypassing username + password. User + password scheme 'should' only really be used by humans, not by machines.

If all that fails, change your script to store the cookie. If you use 'curl' you can specify cookies should be stored, and in which file that should be.

Answer 2

Is there a way to store cookies on my server?

Yes. Here's how:

curl -c cookies.txt http://&lt;server&gt;/login.asp?username=&lt;User Name>&password=<Password>

That will write them in netscape format to cookies.txt.

Noah