How can i get webbrowser's session cookie(memory)?

ramo9941 · April 16th, 2007, 09:24 AM

I use webbrowser control, navigate and login page(ex: hotmail) so this page writes cookies and sessions on my pc. i want to get this web pages's sessions and cookies. I access cookies but not sessions.

later i use wininet but not get sessions. In microsoft site says "
Session cookies are stored in memory and can be accessed only by the process that created them.".

how can i access sessions?

planoie · April 16th, 2007, 02:21 PM

Session is maintained by the server not by the client. It is *identified* by a client based cookie, but all the data is on the server. So you can not get at the session data without talking to the server. If you don't have control of the server application, then you simply can't get at the server session data.

What is it you are trying to do exactly?

-Peter

ramo9941 · April 16th, 2007, 03:44 PM

yes i know, i say "session cookie" not "session". this term used by microsoft.
i repeat my question how can i access session cookie(cookie which has not got expiration date) in webbrowser control.
i use webbrowser.Document.Cookie but i can not get some session cookie. Ex: hotmail.com. when i login, i access some session cookie but not all of them.
i can't access example cookies.
domain: live.com
key: RPSAUTH,
domain: login.live.com
key: MSPCID,

i also use wininet api but nothing.

Imar · April 16th, 2007, 03:48 PM

If by session cookie you mean an HTTP-only cookie, then I don't think you can access it with script:

http://msdn.microsoft.com/library/de...ly_cookies.asp

Imar

---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.

ramo9941 · April 16th, 2007, 04:21 PM

yes, may be true.
but i can see some other programs(like iehttpheaders) access this cookies. How can i access these cookies?
thanks.

planoie · April 16th, 2007, 09:07 PM

If my understanding of cookie behavior is correct then I think you still can't do what you are trying to do (if I understand what you are asking, which I'm not sure I do).

When the browser sends a request to the server, it sends the cookies that apply to that address along with the request. That is to say, when you load hotmail.com in your browser, only the cookies designated for hotmail.com are sent to the hotmail.com servers. This is the key to the operational mechanism by which cookies works.

I believe that the same applies to script access to cookies. A script on a page located at hotmail.com only sees that same set of cookies that belong to hotmail.com. You can not just look in the "cookie jar" for cookies that belong to another domain.

When you create a cookie, you can specify what site it will apply too. So I could write out a cookie in my application server code and say that the cookie can be associated with google.com. Then when the browser requests a page from google.com, it will send the cookie I created along with the request. (I'm pretty sure this works.)

However, this doesn't mean that you can read google.com's cookies.

-Peter

planoie · April 16th, 2007, 09:17 PM

Ok, as I read some more about this I realize that I stand corrected.

You can not assign a domain other than your own to a cookie. You can only assign domains that belong to the domain under which the server is running. Take a look at the following article for a more detailed explanation. The examples are in classic ASP, but the principal applies.

http://www.15seconds.com/issue/971108.htm

-Peter

ramo9941 · April 17th, 2007, 02:03 AM

ok
i explain my problem.
i login hotmail with webbrowser control. i can access cookie like
by107w.bay107.mail.live.com,
login.live.com,
mail.live.com,
live.com,
hotmail.msn.com,
msn.com...

example code: webbrowser.Document.Cookie

but i can not access httponly cookie. Has any solution with using webbrowser or wininet api?

i use iehttpeheaders program, this catch these cookies.
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Tue, 17 Apr 2007 06:29:15 GMT
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: text/html; charset=windows-1254
Content-Encoding: gzip
Expires: Tue, 17 Apr 2007 06:28:15 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYPPLOGN2A44 V: 0
X-Powered-By: ASP.NET
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: MSPOK= ; expires=Thu, 30-Oct-1980 16:00:00 GMT;domain=login.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: PPAuth=AT5MqLiJ*9PEegdl*srcgdKLYrp7NuU6En9vqz1wTUV B12c1U1X1o5fmj2gOTnidHlSvHrtKgQfJqfwPLbvxqgFQfw*fJ brIGD82DcdZz2CH!EAbHwXiAQgXeGEGs6HINVwwPRMMzcsRbXy tAt1HZngWF03OS7HgI8CQTkM!*TBls8ae0WJib3kyMrYA550m6 TVcPQc$; domain=login.live.com;secure= ;path=/;HTTPOnly= ;version=1
Set-Cookie: PPLState=1; domain=.live.com;path=/;version=1
Set-Cookie: [email protected];domain=login.live.com;path=/;Expires=Wed, 30-Dec-2037 16:00:00 GMT
Set-Cookie: MSPShared= ; HTTPOnly= ; domain=login.live.com;path=/;Expires=Thu, 30-Oct-1980 16:00:00 GMT
Set-Cookie: MSPCID=5b51a24a4a74bca1; HTTPOnly= ; domain=login.live.com;path=/;Expires=Wed, 30-Dec-2037 16:00:00 GMT
Set-Cookie: RPSTAuth=EwDQARAnAAAURATre1Nkcu71L953y0QRAvwyKdOAA NO1V7akHJcO9Mb+Hr9vjxywjLOMf9nyQm0xoLaGUOUT5HYQy9w fNRMCLNEPMGo6NWWYodn1jLGCk9KKrv1OUqJdO+Bw0LSvv5fcF wgurUWLxZ5QW2rMFO5zGYnTFnRoJPCYte539hQRtH1PKlii0zU 5T+WGcAUjnYhEOqkIhbypA2YAAAjqKndxjtK61CAB7Xf6TlH1J sVGmHB/luOQ3oc4G4nRbWzETpcobn+NdZ9rsPB75A46SvwIyeezx/89xj5lkcDeWhYCPkn/6noA/ViKLZPgxwk+ma4yEGpA2XexTAaoeb1DcDbTl4OiIIz4x45oVdU dgsJnTb8CqmJy/VUo2E+6nD46vPiEqMLqsTg0XKxP4qsQYj4i3g6jJ6/LbhMCjMGO7eMF68lGtG2ARxYDLJ+KcNy7sM5vnPyBolcDETYFd 3wz0YU7BaUa159i0Yh7kwEz2acIYfB1YHYKk05Q+acgoWGH/x/Y/E7Jy88uE9FgFdXzwATXxFYRc+Gw7OtdTRDEdNFCXJWcRG1KpS7 EU///ad9MrrhU4fP1vHXuEfTsMAK+EPzICUQp2HZBMgE=; domain=.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: MSPAuth=2RmyGBQg3FaMfrZGna3hhyuOfr4rlWOpTObTa054zI AdGaiwsOmiJSOrUj4g!Wgf!lkgtz67*fGGonyMlZgflJq9UI1n iilmb2HxyydhKG4IUbAfVnUQtcRwIkVXcVCSSg; domain=.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: MSPProf=2cpo3UKtbAlPVShyofCPyBsxAG3eKMbSLQHNCpITr2 ZxROub98lTWDE*EMBc8vv39EM1y6e94ywB6*fzyfEu2tWeQm6b YFbS6G1FMw3PrsZ8xzWs7zV5FaZ1a49X90GKBwdU4NTQXnEgaD Yv*33MuINoB0QrCXS!JFDnNDhxMMSB94US!vk0bKfwq!Zd2CgC ro; domain=.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: RPSTAuthTime=1176791355; domain=login.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: MSPVis=2;domain=login.live.com;path=/
Set-Cookie: MSPSoftVis=@72198325083833620@:@; domain=login.live.com;path=/;version=1

i does not catch above httponly cookies.