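I access https://passport2.chaoxing.com/fanyalogin. At login I supply a JSESSIONID and a route (the ones the server returned in Set-Cookie on an earlier visit). After the login succeeds, JSESSIONID and route no longer appear in Set-Cookie,
but when the browser immediately goes on to visit the site, JSESSIONID and route have inexplicably changed: they are not the JSESSIONID and route supplied at the first successful login but different values. I can't make sense of it.
From testing, the backend decides whether you are logged in by checking JSESSIONID and route, and both are required. How does the JSESSIONID get encrypted from the JSESSIONID supplied at login?
Here is some Python code. After logging in successfully in the same way as the captured traffic, whether I keep the conversation with a session or extract the cookies and make the request directly, visiting the new URL should return the data normally, but the result is the message: 您还未登录 ("You are not logged in yet")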
import requests

s = requests.session()
loginUrl = "https://passport2.chaoxing.com/fanyalogin"
data = {
    'fid': '-1',
    'uname': '15216130517',
    'password': 'YXNkNTIw',
    'refer': 'http%3A%2F%2Foffice.chaoxing.com%2Ffront%2Fthird%2Fapps%2Freserve%2Funified%2Fcode%3Fid%3D501%26reserveId%3D501%26fidEnc%3D797928204c34e200%26enc%3Df866b3f33f20c1cfb85bd6021e85b11b%26indexEnc%3Dd8b3f90fb0364e3c8e43478f12899eff',
    't': 'true'
}
r = s.post(loginUrl, data)  # log in
print(r.json())
print(r.headers)
print(s.cookies)

# Submit the reservation with the same session
orderUrl = "http://office.chaoxing.com/data/apps/reserve/submit/reserve"
data = {
    'itemId': '2469',
    'reserveId': '501',
    'date': '2020-07-06',
    'startTime': '2020-07-06 07:30',
    'endTime': '2020-07-06 22:00',
    'remark': '',
    'intervalIdStr': '104959'  # 104964
}
r = s.post(orderUrl, data)
print(r.json())
Here is the JS code as well; it does not modify JSESSIONID or route.
$.ajax({
    url: "/fanyalogin",
    type: "post",
    dataType: 'json',
    data: { 'fid': fid, 'uname': phone, 'password': pwd, 'refer': refer, 't': t },
    success: function(data) {
        if (data.status) {
            if (data.tochaoxing) {
                window.location = "/towriteother?name=" + encodeURIComponent(data.name) + "&pwd=" + encodeURIComponent(data.pwd) + "&refer=" + data.url;
            } else {
                window.location = decodeURIComponent(data.url);
            }
        } else {
            var msg = util.isEmpty(data.msg2) ? "登录失败" : data.msg2;
            msg = ("密码错误" == msg || "用户名或密码错误" == msg) ? "手机号或密码错误" : msg;
            util.showMsg(true, "err-txt", msg);
        }
    }
});
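
To find which response actually sets or replaces the two cookies, the Set-Cookie headers of every response in the login flow can be recorded and compared per host. The Python below is an added example, not part of the original post: `trace_cookie_changes` is a hypothetical helper, and the hosts `passport.example.test` and `office.example.test`, the paths and all cookie values are constructed stand-ins.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

WATCHED = ("JSESSIONID", "route")


def trace_cookie_changes(hops, watched=WATCHED):
    """Report every point at which a watched cookie is set or replaced.

    hops: list of (url, [Set-Cookie header values]) in the order received.
    Returns tuples (hop_index, scope, name, old_value, new_value).
    """
    jar = {}  # (scope, name) -> value; scope = Domain attribute or responding host
    events = []
    for index, (url, set_cookie_headers) in enumerate(hops):
        host = urlsplit(url).hostname
        for header in set_cookie_headers:
            parsed = SimpleCookie()
            parsed.load(header)
            for name, morsel in parsed.items():
                if name not in watched:
                    continue
                scope = morsel["domain"].lstrip(".") or host
                old = jar.get((scope, name))
                if old != morsel.value:
                    events.append((index, scope, name, old, morsel.value))
                    jar[(scope, name)] = morsel.value
    return events


# Constructed sample flow (hypothetical hosts, paths and values).
SAMPLE_HOPS = [
    ("https://passport.example.test/login-page",
     ["JSESSIONID=AAAA1111; Path=/; HttpOnly", "route=r-one; Path=/"]),
    ("https://passport.example.test/fanyalogin", []),  # login reply: no Set-Cookie
    ("http://office.example.test/front/code",
     ["JSESSIONID=BBBB2222; Path=/; HttpOnly", "route=r-two; Path=/"]),
    ("https://passport.example.test/next",
     ["JSESSIONID=CCCC3333; Path=/; HttpOnly"]),
]

if __name__ == "__main__":
    for hop, scope, name, old, new in trace_cookie_changes(SAMPLE_HOPS):
        print(f"hop {hop}: {scope} {name}: {old!r} -> {new!r}")
```

An old value of `None` means the cookie is new for that host, so a same-named cookie issued by a second host is a separate cookie and not a change to the first one.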