http client POST/GET.. will not save cookie before do redirect request


Weeds Qian

Sep 12, 2018, 12:28:12 AM
to golang-nuts
go version go1.10.3 linux/amd64

What did you do?

Simply do an HTTP POST request. I want to log in with the http client to the server https://github.com/qianguozheng/goadmin.git, but it does not work out.

If possible, provide a recipe for reproducing the error.
A complete runnable program is good.
A link on play.golang.org is best.

package main

import (
	"fmt"
	"io/ioutil"
	"net/http"
	"strings"
)

func httpPost() {
	resp, err := http.Post("http://127.0.0.1:8081/login",
		"application/x-www-form-urlencoded",
		strings.NewReader("username=admin&password=pass"))
	if err != nil {
		fmt.Println(err)
		return // resp is nil on error; do not dereference it below
	}

	defer resp.Body.Close()
	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		fmt.Println(err)
		return
	}
	for k, v := range resp.Header {
		fmt.Println(k, v)
	}
	fmt.Println(string(body))
	fmt.Println("Done")
}

func main() {
	httpPost()
}

What did you expect to see?

the cookie in response

What did you see instead?

no cookie in response


------------------http tcp stream from wireshark -----------------------------

You can see that I only do the POST /login, and the later requests are executed by the http client implementation.

From my point of view, I think the GET /home.html request should add the cookie from the last response, but it didn't. Since you don't do that, why not just return the response to me instead of doing a useless request that causes us to go to the login page?

POST /login HTTP/1.1
Host: 127.0.0.1:8081
User-Agent: Go-http-client/1.1
Content-Length: 28
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

username=admin&password=testHTTP/1.1 302 Found
Location: /home.html
Set-Cookie: user=MTUzNjY1NjA2MXxEdi1CQkFFQ180SUFBUkFCRUFBQUpfLUNBQUVHYzNSeWFXNW5EQW9BQ0hWelpYSnVZVzFsQm5OMGNtbHVad3dIQUFWaFpHMXBiZz09fKI-QQWYHP_ZywpgkIoDmTzL1eJhd7pk-i9FSUgwI89E; Path=/; HttpOnly
Date: Tue, 11 Sep 2018 08:54:21 GMT
Content-Length: 0

GET /home.html HTTP/1.1
Host: 127.0.0.1:8081
User-Agent: Go-http-client/1.1
Content-Type: application/x-www-form-urlencoded
Referer: http://127.0.0.1:8081/login
Accept-Encoding: gzip

HTTP/1.1 302 Found
Location: /login.html
Date: Tue, 11 Sep 2018 08:54:21 GMT
Content-Length: 0

GET /login.html HTTP/1.1
Host: 127.0.0.1:8081
User-Agent: Go-http-client/1.1
Content-Type: application/x-www-form-urlencoded
Referer: http://127.0.0.1:8081/home.html
Accept-Encoding: gzip

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Tue, 11 Sep 2018 08:54:21 GMT
Transfer-Encoding: chunked

----------------------------------------------------------------

Volker Dobler

Sep 12, 2018, 2:52:20 AM
to golang-nuts
On Wednesday, 12 September 2018 06:28:12 UTC+2, Weeds Qian wrote:

What did you expect to see?

the cookie in response

What did you see instead?

no cookie in response


------------------http tcp stream from wireshark -----------------------------

You can see that I only do the POST /login, and the later requests are executed by the http client implementation.

From my point of view, I think the GET /home.html request should add the cookie from the last response, but it didn't. Since you don't do that, why not just return the response to me instead of doing a useless request that causes us to go to the login page?

POST /login HTTP/1.1
Host: 127.0.0.1:8081
User-Agent: Go-http-client/1.1
Content-Length: 28
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

username=admin&password=testHTTP/1.1 302 Found
Location: /home.html
Set-Cookie: user=MTUzNjY1NjA2MXxEdi1CQkFFQ180SUFBUkFCRUFBQUpfLUNBQUVHYzNSeWFXNW5EQW9BQ0hWelpYSnVZVzFsQm5OMGNtbHVad3dIQUFWaFpHMXBiZz09fKI-QQWYHP_ZywpgkIoDmTzL1eJhd7pk-i9FSUgwI89E; Path=/; HttpOnly
Date: Tue, 11 Sep 2018 08:54:21 GMT
Content-Length: 0
 
There is your cookie.

The problem is not that the cookie is not part of the response
you get from /login but that you do not keep the cookie and
send it on subsequent requests:

GET /home.html HTTP/1.1
Host: 127.0.0.1:8081
User-Agent: Go-http-client/1.1
Content-Type: application/x-www-form-urlencoded
Referer: http://127.0.0.1:8081/login
Accept-Encoding: gzip

You see: No Cookie header here.

To record Set-Cookie headers and generate appropriate Cookie headers
from these set cookies you probably should use your own instance of
net/http.Client with a non-nil Jar and use that client to Do a POST request.
You can create a Jar via net/http/cookiejar.New.
If you are going to use this on arbitrary domains please consider setting
the Jar's PublicSuffixList to e.g. golang.org/x/net/publicsuffix.List

V.
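
The behaviour discussed in this thread, as an added example that is not code from any of the posters: the same login POST is sent by a client with a nil Jar, a client with a cookie jar, and (going one step beyond the replies) a client whose CheckRedirect returns http.ErrUseLastResponse so the 302 carrying Set-Cookie is handed back unfollowed. The httptest server, the placeholder cookie value and the names newServer, login and outcomes are constructed for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/http/httptest"
	"net/url"
)

// newServer is a constructed stand-in for the server in the capture above.
func newServer() *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) {
		http.SetCookie(w, &http.Cookie{Name: "user", Value: "placeholder", Path: "/", HttpOnly: true})
		http.Redirect(w, r, "/home.html", http.StatusFound)
	})
	mux.HandleFunc("/home.html", func(w http.ResponseWriter, r *http.Request) {
		if _, err := r.Cookie("user"); err != nil { // no session cookie: back to the form
			http.Redirect(w, r, "/login.html", http.StatusFound)
		}
	})
	mux.HandleFunc("/login.html", func(http.ResponseWriter, *http.Request) {})
	return httptest.NewServer(mux)
}

// login posts the form and reports path, status and Set-Cookie count of the response returned.
func login(c *http.Client, base string) string {
	resp, err := c.PostForm(base+"/login", url.Values{"username": {"admin"}, "password": {"test"}})
	if err != nil {
		return "error: " + err.Error()
	}
	defer resp.Body.Close()
	return fmt.Sprintf("%s status=%d set-cookie=%d", resp.Request.URL.Path, resp.StatusCode, len(resp.Cookies()))
}

// outcomes runs the same login with: nil Jar, a cookie jar, redirects not followed.
func outcomes() (res [3]string) {
	srv := newServer()
	defer srv.Close()
	jar, _ := cookiejar.New(nil) // for arbitrary domains set Options.PublicSuffixList
	stop := func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse }
	clients := [3]*http.Client{{}, {Jar: jar}, {CheckRedirect: stop}}
	for i, c := range clients {
		res[i] = login(c, srv.URL)
	}
	return res
}

func main() { fmt.Println(outcomes()) }
```

Only the jar-backed client ends on /home.html; the nil-Jar client reproduces the capture and lands on /login.html.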

Weeds Qian

Sep 12, 2018, 10:45:20 PM
to golang-nuts
If you look at my sample code, you should know I only send one request by http.POST; the following request is done by the golang http client automatically, not issued by myself.

You got the point: why does the http client do that without the cookie from the last response? That's what I am asking.

On Wednesday, September 12, 2018 at 2:52:20 PM UTC+8, Volker Dobler wrote:

Rick

Sep 13, 2018, 9:48:10 PM
to golang-nuts
I think what people are trying to explain is that the behavior you may be expecting based on experience with browsers is not built in to the Go (or many other) HTTP clients. Even the Java cookie jar which has been mentioned in this thread was not available in early implementations of Java HTTP client libraries. If you want a cookie that the client receives in a response to be sent in subsequent HTTP requests, then you must construct those requests to attach the cookie.

comments that have been posted refer

Agniva De Sarker

Sep 17, 2018, 12:27:38 AM
to golang-nuts


On Thursday, 13 September 2018 08:15:20 UTC+5:30, Weeds Qian wrote:
If you look at my sample code, you should know I only send one request by http.POST; the following request is done by the golang http client automatically, not issued by myself.

You got the point: why does the http client do that without the cookie from the last response? That's what I am asking.

The answer is already given above. You need an instance of http.Client with a non-nil cookie jar. Which is what I suspected in the original github issue. Without that, it does not capture the Set-Cookie headers.

-Agniva

Weeds Qian

Sep 19, 2018, 9:13:13 AM
to golang-nuts
Thanks, that solved my problem.


On Wednesday, September 12, 2018 at 2:52:20 PM UTC+8, Volker Dobler wrote:
On Wednesday, 12 September 2018 06:28:12 UTC+2, Weeds Qian wrote: