rejetto forum

Question regarding cookies

Jonas · 6 · 4624

0 Members and 1 Guest are viewing this topic.

Offline Jonas

  • Occasional poster
  • *
    • Posts: 3
    • View Profile
hello!  :)

I've got a bit of an odd issue and I don't expect a full on solution from this question as much as hoping someone knows something I don't.

I've got an issue getting a system I got running to download via HTTP when using HFS + basic authentication, I can't say much more about the system, which is why I can't expect any solutions.

The odd part is that running an apache HTTP server with basic authentication, the only difference I can see between the two in a wireshark packet that I can imagine being important is that HFS sends a set-cookie part. I was wondering if there is a way to make HFS neglect sending any cookie-related information? I've not been able to locate one, so I've gone here.

Normally my system sends a GET request with no authentication, when it recieves a "unauthorized" message it'll try another GET but with the correct authentication. However using HFS the second GET request simply doesn't go out. My thought is something related to the cookie causes it to go a bit haywire, so I'm hoping to find a way to disable it to test if my logic holds.

Second question - does HFS have some type of "time out" in terms of GET requests?

Thank you ahead of time for any help you give, it is very appriciated.
« Last Edit: December 09, 2019, 08:12:34 AM by Jonas »


Offline bmartino1

  • Tireless poster
  • ****
    • Posts: 911
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
appache has a html php coded login site, while HFS has  delphi / pascal built in auth system

while html is using basic authentication

because HFS ( for security ) doent have a site or pin point html locaiton, apahce is able to php comand and acess vs hfs

if need id recomend a appache reverse proxy
Files I have snagged and share can be found on my google drive:

https://drive.google.com/drive/folders/1qb4INX2pzsjmMT06YEIQk9Nv5jMu33tC?usp=sharing


Offline Jonas

  • Occasional poster
  • *
    • Posts: 3
    • View Profile
Thank you for the response :) That gives me a bit more to consider. Currently what I am working on is for general http and Apache/HFS has been used as quick test setups.

Just while I can, do you know if there is a way to make HFS not send any of the "set-cookie" information?



Offline bmartino1

  • Tireless poster
  • ****
    • Posts: 911
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
http://rejetto.com/forum/index.php?topic=11558.0

Not 100% sure of an answer, mby a hfs file menu setting

Or hfs macro code

The cookie only has the hfs Sid for that connection

A test vitural folder did temp with this code will show you the cookie
Code: [Select]
data.token = getCookie('HFS_SID');

Pulled from other site about cookies, mby HTML/macro code like:
Code: [Select]
delCookie('HFS_SID')
Files I have snagged and share can be found on my google drive:

https://drive.google.com/drive/folders/1qb4INX2pzsjmMT06YEIQk9Nv5jMu33tC?usp=sharing


Offline Jonas

  • Occasional poster
  • *
    • Posts: 3
    • View Profile
Tried a bit but to no avail - many thanks for all the help none the less  :)


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2063
    • View Profile
in terms of what you want to do with the header, you should try to use the 'request completed' event.


by extension of idea, it is not possible to use an event to suppress the duplication of the duplicate Content-Length header in compressed responses
have look at this post http://rejetto.com/forum/index.php?topic=13094.msg1065170#msg1065170
« Last Edit: January 16, 2020, 08:57:03 PM by Mars »