rejetto forum

Software => HFS ~ HTTP File Server => Topic started by: Jonas on December 09, 2019, 08:06:42 AM

Title: Question regarding cookies
Post by: Jonas on December 09, 2019, 08:06:42 AM

hello!  :)

I've got a bit of an odd issue and I don't expect a full on solution from this question as much as hoping someone knows something I don't.

I've got an issue getting a system I got running to download via HTTP when using HFS + basic authentication, I can't say much more about the system, which is why I can't expect any solutions.

The odd part is that running an apache HTTP server with basic authentication, the only difference I can see between the two in a wireshark packet that I can imagine being important is that HFS sends a set-cookie part. I was wondering if there is a way to make HFS neglect sending any cookie-related information? I've not been able to locate one, so I've gone here.

Normally my system sends a GET request with no authentication, when it recieves a "unauthorized" message it'll try another GET but with the correct authentication. However using HFS the second GET request simply doesn't go out. My thought is something related to the cookie causes it to go a bit haywire, so I'm hoping to find a way to disable it to test if my logic holds.

Second question - does HFS have some type of "time out" in terms of GET requests?

Thank you ahead of time for any help you give, it is very appriciated.

Title: Re: Question regarding cookies
Post by: bmartino1 on December 17, 2019, 10:38:05 PM

appache has a html php coded login site, while HFS has  delphi / pascal built in auth system

while html is using basic authentication

because HFS ( for security ) doent have a site or pin point html locaiton, apahce is able to php comand and acess vs hfs

if need id recomend a appache reverse proxy

Title: Re: Question regarding cookies
Post by: Jonas on December 20, 2019, 06:42:27 AM

Thank you for the response :) That gives me a bit more to consider. Currently what I am working on is for general http and Apache/HFS has been used as quick test setups.

Just while I can, do you know if there is a way to make HFS not send any of the "set-cookie" information?

Title: Re: Question regarding cookies
Post by: bmartino1 on December 22, 2019, 03:27:52 PM

http://rejetto.com/forum/index.php?topic=11558.0

Not 100% sure of an answer, mby a hfs file menu setting

Or hfs macro code

The cookie only has the hfs Sid for that connection

A test vitural folder did temp with this code will show you the cookie

Code: [Select]

data.token = getCookie('HFS_SID');

Pulled from other site about cookies, mby HTML/macro code like:

Code: [Select]

delCookie('HFS_SID')


Title: Re: Question regarding cookies
Post by: Jonas on January 14, 2020, 10:08:14 AM

Tried a bit but to no avail - many thanks for all the help none the less  :)

Title: Re: Question regarding cookies
Post by: Mars on January 16, 2020, 08:11:08 PM

in terms of what you want to do with the header, you should try to use the 'request completed' event.


by extension of idea, it is not possible to use an event to suppress the duplication of the duplicate Content-Length header in compressed responses
have look at this post http://rejetto.com/forum/index.php?topic=13094.msg1065170#msg1065170