using indy for https with session/cookie

Question

I am trying to create an HTTP session using Indy with this code:

var
  idHttp1 : TidHttp;
  lIOHandler: TIdSSLIOHandlerSocketOpenSSL;
  idCookie : TIdCookieManager;
  Initalized : boolean;

procedure InitSession;
begin
  Initalized := True;
  try
    idHttp1 := TIdHTTP.Create(nil); //the variables are declared globally
    lIOHandler := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
    idCookie := TIdCookieManager.Create(nil);

    idHttp1.Request.UserAgent := 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Trident/6.0)';
    idHttp1.Request.Referer := 'https://www.parts.bmwgroup.com/';
    idHttp1.Request.AcceptLanguage := 'de';
    idHttp1.ConnectTimeout := 10000;
    idHttp1.ReadTimeout := 10000;
    idHttp1.Response.KeepAlive := true;
    idHttp1.IOHandler := lIOHandler;

    idHttp1.HandleRedirects := true;
    idHttp1.CookieManager := idCookie;
    idHttp1.AllowCookies := true;

    ShowMessage(IntToStr(idCookie.CookieCollection.Count));
  except
    Initalized := False;
  end;
end;

Then I am doing this to create the new session ID used to login to the website:

begin
  ...
  s := IdHTTP1.Get('https://www.parts.bmwgroup.com/tetis/index.jsp?DOMAIN=Internet');
end

When I get a session from website, I try to login:

begin
  ...
  s := IdHTTP1.Get('https://www.parts.bmwgroup.com/tetis/startTetisAction.do?LOGON_USERID=XXXXXXXX&LOGON_PASSWD=XXXXXXXX');
end

And now when I try to work with intern content I get HTTP message like this:

<html>
<head>



<script language="JavaScript">
function zeigeLogin ()
{


        open ("/tetis/startTetisAction.do","TeTIS");

}
</script>
<title>Aftersales Assistance Portal ASAP</title>
<link rel="STYLESHEET" type="text/css" href="/tetis/css/content.css">
</head>

<body link="#003399" vlink="#666666" alink="#003399">
  <table border="0" cellspacing="0" cellpadding="0">
<tr>
    <td class="hl1">Aftersales Assistance Portal ASAP</td>
</tr>
<tr> 
    <td class="hl2">Ihre Session ist ungultig.<BR>Bitte melden Sie sich neu an.<BR>
    <BR>
    <a href="javascript:zeigeLogin()" class="h12red9">&gt; Login</a></td>
    </td>
</tr>
</table>
</body>
</html>

Why is my session not working?

Answer 1

You are not logging in correctly.

When you visit https://www.parts.bmwgroup.com/tetis/index.jsp?DOMAIN=Internet in a web browser, it displays a popup window with an HTML login form in it. That login form is then submitted to the server using a POST request, but you are sending the login credentials using a GET request instead.

The following works for me when I try it:

var
  idHttp1 : TIdHTTP = nil;
  Initialized : Boolean = False;

procedure InitSession;
begin
  try
    idHttp1 := TIdHTTP.Create(nil);
    idHttp1.IOHandler := TIdSSLIOHandlerSocketOpenSSL.Create(IdHttp1);
    idHttp1.CookieManager := TIdCookieManager.Create(IdHttp1);

    idHttp1.ConnectTimeout := 10000;
    idHttp1.ReadTimeout := 10000;
    idHttp1.HandleRedirects := true;
    idHttp1.AllowCookies := true;

    idHttp1.Request.UserAgent := 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Trident/6.0)';
    idHttp1.Request.AcceptLanguage := 'de';
    idHttp1.Request.Connection := 'Keep-Alive';

    Initialized := True;
  except
    Initialized := False;
  end;
end;

begin
  ...
  idHttp1.Request.Referer := 'https://www.parts.bmwgroup.com/';
  s := IdHTTP1.Get('https://www.parts.bmwgroup.com/tetis/index.jsp?DOMAIN=Internet');
end

begin
  ...
  idHttp1.Request.Referer := 'https://www.parts.bmwgroup.com/tetis/index.jsp?DOMAIN=Internet';
  s := IdHTTP1.Get('https://www.parts.bmwgroup.com/tetis/startTetisAction.do?DOMAIN=Internet');
end

var
  PostParams: TStringList;
begin
  ...
  PostParams := TStringList.Create;
  try
    PostParams.Add('LOGON_USERID=XXXXXXXX');
    PostParams.Add('LOGON_PASSWD=XXXXXXXX');

    IdHttp1.Request.Referer := 'https://www.parts.bmwgroup.com/tetis/startTetisAction.do?DOMAIN=Internet';
    s := IdHTTP1.Post('https://www.parts.bmwgroup.com/tetis/startTetisAction.do', PostParams);
  finally
    PostParams.Free;
  end;
end