CODEWITHSUNDEEP
c#httpwebcookies
Simon Parker
Simon Parker

Reputation: 1834

Cookies and C# HttpWebRequest

I have been trying to log in to a server to grab the authentication cookie (a session cookie), which I can then use for further calls to the server. Every example I have read follows the same pattern:

HttpWebRequest request = WebRequest.Create(loginURL) as HttpWebRequest;
var response = request.GetResponse() as HttpWebResponse;

var cookies = response.Cookies;

This didn't work for me, as the cookies variable ended up empty, and a debug analysis showed response.Cookies was empty. The server is mine, and I can see, through debugging, the cookie is being set. I can also see the cookie in Firefox if I log in to my site with it. So I know the cookie is being set.

After some messing around, I discovered the cookie was being set in the request, not the response. So the code below worked. My question is: Why? Why is the request being populated, but not the response? Is it something to do with being a post, not a get? I am totally baffled.

    private void Login()
    {
        string userName = UserNameText.Text;
        string password = PasswordText.Password;
        string baseURL = URLText.Text;

        string loginURL = baseURL + "/Authentication/LoginAction";

        HttpWebRequest request = WebRequest.Create(loginURL) as HttpWebRequest;
        request.Method = "POST";

        string formContent =
            "UserName=" + userName +
            "&Password=" + password;

        var byteArray = Encoding.UTF8.GetBytes(formContent);
        request.ContentType = "application/x-www-form-urlencoded";
        request.ContentLength = byteArray.Length;
        request.CookieContainer = new CookieContainer();

        try
        {
            using (var dataStream = request.GetRequestStream())
            {

                dataStream.Write(byteArray, 0, byteArray.Length);

                using (var response = request.GetResponse() as HttpWebResponse)
                {
                    var cookies = request.CookieContainer;

                    if (cookies.Count != 0)
                    {
                        cookies_ = cookies;
                    }
                }
            }
        }
        catch(Exception ex)
        {
            // don't bother too much
            Debug.WriteLine(ex.Message);
        }
    }

Upvotes: 3

Views: 1642

Answers (1)

ProgrammingLlama
ProgrammingLlama

Reputation: 38850

The CookieContainer should be considered similar to a browser's cookie cache for a particular site. The idea is that you supply the container as part of the request, and then it's populated by the cookies you receive and you can reuse that container for subsequent requests. When you make a request, the cookies in the container are sent with the request (just like the browser would with stored cookies).

So, for example, if you have a page that uses cookies to store an authentication token, you can pass the cookie container with the login request, and then pass it with subsequent requests which require an authenticated cookie.

As to why you can't simply extract it from the request, I guess Microsoft just didn't want to duplicate things when you can pass in a reference to a mutable cookie container in the request.

Upvotes: 1

Related Questions