3

i'm trying to logging into a website but this site always response with

"You don't seem to accept cookies. Cookies are required in order to log in."

why my program doesn't allow cookies?

function HF_Login(): boolean;
var
 HTTP : TIDHTTP;
 Cookie : TidCookieManager;
 Data, Page : TStringList;
begin
 HTTP := TIDHTTP.Create(NIL);
 Cookie := TidCookieManager.Create(NIL);

 HTTP.Request.UserAgent := 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1';
 HTTP.Request.Accept := 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8';
 HTTP.Request.AcceptLanguage := 'en-us;q=0.7,en;q=0.3';
 HTTP.Request.AcceptCharSet := 'windows-1251,utf-8;q=0.7,*;q=0.7';
 HTTP.Request.Pragma := 'no-cache';
 HTTP.Request.CacheControl := 'no-cache';
 HTTP.Request.RawHeaders.Add('X-Requested-With: XMLHttpRequest');
 HTTP.AllowCookies := True;
 HTTP.HandleRedirects := True;
 HTTP.ProtocolVersion := pv1_1;
 HTTP.Request.Connection := 'Keep-Alive';
 HTTP.CookieManager  := Cookie;

 Data := TStringList.Create;
 Page := TStringList.Create;

        //  returnto=%2F&user=[user]&pass=[pass]
 Data.Add('returnto=%2F&user=csz0021&pass=Yese0071');

 page.Text := HTTP.Post('http://hotfile.com/login.php', Data);
 //form1.RichEdit1.Text := HTTP.Post('http://hotfile.com/login.php', Data);

 If Pos('Bad username/password combination.', Page.Text) <> 0 Then Result := False
 else Result := True;

 Page.Free;
 Data.Free;
end;

this is a free account to test the website.

csz0021

Yese0071

Thanks

MeRo
  • 31
  • 1
  • 2
  • this c# code work perfectly maybe this can help you to find my problem in delphi code http://stackoverflow.com/questions/2151576/c-http-post-method-cookies-issue – MeRo Apr 20 '11 at 14:19

3 Answers3

4

It doesn't work in one step as you're doing it, need to do it in two steps. First request the login page (GET), then send your login credentials (POST). Make sure you use the same CookieManager for both operations.

Edit to help the anonymous downvoter understand why this answer is actually obvious. The OP gets this error message:

"You don't seem to accept cookies. Cookies are required in order to log in."

so the server is expecting to see some cookies from the client. Since the OP is only doing ONE POST request, it's CookieManager contains no cookies, so it's not sending any cookies. None the less the server expects to see some cookies. Where would those cookies come from in a normal browser-based session? Well, filling in the login-form is very, very hard without actually navigating to the form first (the GET request).

Cosmin Prund
  • 25,498
  • 2
  • 60
  • 104
  • Thanks for you comment,i've added this line HTTP.Get('http://wwww.hotfile.com'); but nothing happend same problem apears – MeRo Apr 20 '11 at 14:12
1

I would suggest you install a HTTP request monitoring tool, compare your request with a standard browser ones.

HTTP Analyzer is a good start.

Darkerstar
  • 924
  • 1
  • 8
  • 17
  • @Dorin, you forgot to actually upvote! Anyhow, for such a simple problem using a big tool like wireshark (and any other HTTP analyzer) would, in my opinion, simply obscure the issue behind a wall of irrelevant information. Ever seen the amount of HTTP headers a browser sends with any request? Figuring out what's relevant and what's not would be way harder then figuring out what `"You don't seem to accept cookies."` means. – Cosmin Prund Apr 20 '11 at 12:34
  • thanks for you comment t i've tried that HTTP analyzer i don't see any differense my request is OK – MeRo Apr 20 '11 at 14:16
1

Make sure you are using an up-to-date version of Indy 10. Indy 10's cookie support was broken for a long time, but was finally fixed a few months ago. Even though you may have Cookies enabled, it is possible that Indy was either rejecting received cookies, or not sending cookies back to the server.

On a side note: use the Request.CustomHeaders property instead of the Request.RawHeaders property, and do not URL-encode the TStringList data you pass to Post(). Post will encode the data internally for you (if the hoForceEncodeParams flag is enabled in the TIdHTTP.HTTPOptions property, which it is by default).

Remy Lebeau
  • 555,201
  • 31
  • 458
  • 770