我需要在需要 cookie 的网页上填写登录表单,并获取有关结果页面的一些信息。由于这需要在晚上非常奇怪的时间完成,我想自动化这个过程,因此我使用 Mechanize (欢迎任何其他建议 - 请注意,我必须在学校服务器上运行我的脚本,我不能安装新软件。Mechanize 是纯 Python,所以我能够解决这个问题)。
问题是托管登录表单的页面要求我能够接受和发送 cookie。理想情况下,我希望能够接受并发送服务器发送给我的所有 cookie,而不是硬编码我自己的 cookie。
所以,我开始用 mechanize 编写我的脚本,但我似乎错误地处理了 cookie。由于我在任何地方都找不到有用的文档(如果我是盲人请指出),所以我在这里问。
这是我的 Mechanize 脚本:
import mechanize as mech
br = mech.Browser()
br.set_handle_robots(False)
print "No Robots"
br.set_handle_redirect(True)
br.open("some internal uOttawa website")
br.select_form(nr=0)
br.form['j_username'] = 'my username'
print "Login: ************"
br.form['j_password'] = 'my password'
print "Password: ************"
response = br.submit()
print response.read()
这将打印以下内容
No Robots
Login: ************
Password: ************
<html>
<body>
<img src="/idp/images/uottawa-logo-dark.png" />
<h3>ERROR</h3>
<p>
An error occurred while processing your request. Please contact your helpdesk or
user ID office for assistance.
</p>
<p>
This service requires cookies. Please ensure that they are enabled and try your
going back to your desired resource and trying to login again.
</p>
<p>
Use of your browser's back button may cause specific errors that can be resolved by
going back to your desired resource and trying to login again.
</p>
<p>
If you think you were sent here in error,
please contact technical support
</p>
</body>
</html>
如果我在 Chrome 浏览器上禁用 cookie 并尝试同样的操作,这确实是我会得到的页面。
我试过如下添加一个 cookies jar ,但没有成功。
br = mech.Browser()
cj = cookielib.LWPCookieJar()
br.set_cookiejar(cj)
我查看了多个 Mechanize 文档来源。 One of them提及
A common mistake is to use mechanize.urlopen(), and the .extract_cookies() and
.add_cookie_header() methods on a cookie object themselves.
If you use mechanize.urlopen() (or OpenerDirector.open()),
the module handles extraction and adding of cookies by itself,
so you should not call .extract_cookies() or .add_cookie_header().
这似乎是说我的第一种方法应该有效,但实际上没有。
如果您对此有任何帮助,我将不胜感激 - 它令人困惑,而且似乎严重缺乏文档。
最佳答案
我在使用 Mechanize 验证 Shibboleth 网站时遇到了完全相同的消息,只是因为我犯了和你一样的错误。看起来我想通了。
简答
您需要打开的链接是:
br.open("https://web30.uottawa.ca/Shibboleth.sso/Login?target=https://web30.uottawa.ca/hr/web/post-register")
代替:
br.open("https://idp.uottawa.ca/idp/login.jsp?actionUrl=%2Fidp%2FAuthn%2FUserPassword")
为什么?
Shibboleth: Connect easily and securely to a variety of services with one simple login.
如果您不告诉他您要登录哪个服务,Shibboleth 登录本身就没有用。让我们分析 HTTP header 并比较您为这两个查询获得的 cookie。
<强>1。开幕式 https://idp.uottawa.ca/idp/login.jsp?actionUrl=%2Fidp%2FAuthn%2FUserPassword
Cookie: JSESSIONID=C2D4A19B2994BFA287A328F71A281C49; _ga=GA1.2.1233451770.1401374115; arp_scroll_position=-1; tools-resize=tools-resize-small; lang-prev-page=en; __utma=251309913.1233451770.1401374115.1401375882.1401375882.1; __utmb=251309913.14.9.1401376471057; __utmz=251309913.1401375882.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); lang=en
<强>2。开幕式 https://web30.uottawa.ca/Shibboleth.sso/Login?target=https://web30.uottawa.ca/hr/web/post-register
Cookie: JSESSIONID=8D6BEA53823CC1C3045B2CE3B1D61DB0; _idp_authn_lc_key=fc18251e-e5aa-4f77-bb17-5e893d8d3a43; _ga=GA1.2.1233451770.1401374115; arp_scroll_position=-1; tools-resize=tools-resize-small; lang-prev-page=en; __utma=251309913.1233451770.1401374115.1401375882.1401375882.1; __utmb=251309913.16.9.1401378064938; __utmz=251309913.1401375882.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); lang=en
有什么区别?您又获得了一个 cookie:_idp_authn_lc_key=1c21128c-2fd7-45d2-adac-df9db4d0a9ad;。我想是 cookie 说“我想登录 there”。
During the authentication process, the IdP will set a cookie named _idp_authn_lc_key. This cookie contains only information necessary to identify the current authentication process (which usually spans multiple requests/responses) and is deleted after the authentication process completes.
Source: https://wiki.shibboleth.net/confluence/display/SHIB2/IdPCookieUsage
我是怎么找到的 that link ?我确实浏览了网页并发现 https://web30.uottawa.ca/hr/web/en/user/registration使用以下链接重定向到登录表单:
<a href="https://web30.uottawa.ca/Shibboleth.sso/Login?target=https://web30.uottawa.ca/hr/web/post-register"
class="button standard"><span>Create your account using infoweb</span></a>
所以这不是 Mechanize 的问题,而是 Shibboleth 乍一看有点难以理解。您将找到有关 Shibboleth 身份验证流程的更多信息 here .
关于python - 使用 Mechanize 接受和发送 Cookie,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/13755374/