sending session cookie with each subsequent HTTP request in MATLAB

조회 수: 18 (최근 30일)
Behzad Abdollahi
Behzad Abdollahi 2016년 10월 17일
편집: Behzad Abdollahi 2016년 10월 20일
I am trying to communicate to a RESTFul API using MATLAB. the API uses session cookie to remember the user. My MATALB is 2015b and as long as I know, it does not support the new HTTP Interface .
my problem is that using the webread and webwrite functions in MATLAB, the session cookie is not attached to the request and therefore each time server generates a new session.
I tried to use urlread2 to read the session cookie and generate a new one with the same content, for sending back to the server, but the session cookie is HTTPOnly and therefore my generated cookie is not valid for the server.
Can anyone help me with an idea or solution? does MATLAB 2016b forward the session cookie automatically (using HTTP interface)?
  댓글 수: 2
Kirby Fears
Kirby Fears 2016년 10월 17일
편집: Kirby Fears 2016년 10월 17일
Behzad,
Are you able to extract the "Set-Cookie" header despite this being an HTTPOnly cookie? As long as you can extract it, you should be able to send it back using the "Cookie" header.
The full cookie should look something like this:
'SessionId=123abc; path=/; HttpOnly'
I've sent cookies back successfully in Matlab 2015a using this syntax:
opts = weboptions('KeyName','Cookie','KeyValue',myCookie);
response = webread(addr2,opts);
Hope this helps. Sorry I don't have Matlab 2016b to test out the new HTTP API.
Bill Crum
Bill Crum 2016년 10월 18일
I've just - this morning! - had some success with the following in MATLAB 2016b. I don't know if this works or not in earlier versions. Hope this is helpful but happy for a critique as I am a noob at this stuff.
% Set the first-time login credentials
obj.options = weboptions('Username', obj.username, 'Password', obj.password, 'RequestMethod', 'post');
% Get the JSESSIONID
% Note that /data/JSESSION is appropriate for XNAT but
% will likely be different for your application
obj.jsessionid = webread(strcat(obj.server, '/data/JSESSION'), obj.options);
% Set future authenticated login options
obj.loginoptions = weboptions('KeyName', 'cookie', 'KeyValue', ['JSESSIONID=', obj.jsessionid]);
...
% Time passes ...
% Read some data
rlist = webread(strcat(obj.server, restpath), obj.loginoptions);

댓글을 달려면 로그인하십시오.

이 질문에 답변하려면 로그인하십시오.

채택된 답변

Behzad Abdollahi
Behzad Abdollahi 2016년 10월 20일
편집: Behzad Abdollahi 2016년 10월 20일
with the help of the comments I was able to achieve the big part of what I was looking for.
first problem is to get the cookie info in MATLAB. versions earlier than 2016b are probably not able to do it, so I had to use urlread2 for it:
[output,extras] = urlread2('http://www.example.com/','GET');
cookie = extras.firstHeaders.Set_Cookie; % make sure to get the content of the right session cookie
now that we have the cookie, let's add it to the weboptions like this:
opts = weboptions('KeyName','Cookie','KeyValue',cookie);
and now simply every time that you use webread or webwrite , attach the opts to it:
response = webread('http://www.example.com/',opts);
But using this method, it is very easy to do XSS attacks on websites that use HTTPOnly cookies for session management! unlike all the web browsers, matlab allows you to edit or create HTTPOnly cookies! more info here

추가 답변 (0개)

카테고리

Help CenterFile Exchange에서 Web Services에 대해 자세히 알아보기

태그

제품

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by