Okay I post 2 fields to a url using cUrl, this page checks my post fields and based on them it returns me cookies. However before i can even read the cookies I'm already redirected to an other page.
I tried setting _FOLLOWLOCATION, 0 but I'm still getting redirected. Are there any thoughts on this?
Code:
$headers[] = "Accept: */*";
$headers[] = "Connection: Keep-Alive";
$headers[] = "Content-type: application/x-www-form-urlencoded;charset=UTF-8";
$fields_string = "login_url=/login.do?school=windesheim";
$fields_string=rtrim($fields_string, "&");
$cSession = curl_init();
$tmpfname = dirname(__FILE__).'/cookie2.txt';
curl_setopt($cSession, CURLOPT_REFERER, "https://website.com/login.do?error=nomandant");
curl_setopt($cSession, CURLOPT_HTTPHEADER, $headers)
curl_setopt($cSession, CURLOPT_COOKIEFILE, $tmpfname);
curl_setopt($cSession, CURLOPT_COOKIEJAR, $tmpfname);
curl_setopt($cSession,CURLOPT_URL,"https://website.com/j_spring_security_check");
curl_setopt($cSession,CURLOPT_RETURNTRANSFER,true);
curl_setopt($cSession, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($cSession, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($cSession, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($cSession,CURLOPT_HEADER, true);
curl_setopt ($cSession, CURLOPT_POST, true);
curl_setopt ($cSession, CURLOPT_POSTFIELDS, $fields_string);
curl_setopt($cSession,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13');
$result=curl_exec($cSession);
curl_close($cSession);
echo htmlspecialchars($result);
If I print the header it says location: https://website.com/login.do?error=nomandant
So I go to this page, I can't get the cookies because I'm redirected to the next page which then redirects me back to the first page because I don't have the cookies set.
I want to get on the first page, don't be redirected, and read the cookies from the header.
How come that I'm being redirected even though followlocation is set to 0/false?
Update:
When I'm in my browser at website.com and I enter Windesheim in postfield and post it this it posts to /j_spring_security_check
So i try to simulate this using cUrl using the code from above (updated with more info). But the output is only:
HTTP/1.1 302 Found Connection: Keep-Alive Content-Length: 0
Date: Sat, 16 Nov 2013 14:28:33 GMT
Location: https://website.com/login.do?error=nomandant Server: Apache-Coyote/1.1
The expected result is something like the response header in the picture above.
So something is going wrong that it is redirecting me to
/login.do?error=nomandant
instead of
/index.do;jsessionid=etc.
But I can't figure out what I am doing wrong as there are only 2 field being posted and I included them both in my code.