以http://www.idc3389.com為例:
效果圖:
使用Fiddler工具進行抓包,截圖:
可以發現:
1.cookie並沒有用作用戶身份識別,因為登錄前后的cookie並沒有發生改變(注意:這只是依據抓包所做的推斷;如果服務器在登錄前就已發放會話cookie,並在登錄后把登錄狀態綁定到同一個會話ID,那麼cookie仍然承擔身份識別,而登錄后不更換會話ID本身就是會話固定的隱患)
如果使用cookie用於用戶身份認證,則登錄前后cookie肯定不同,以博客園為例:
2.Connection始終保持為keep-alive。也就是說客戶端和服務器只建立了一次連接,后續的請求都是在當前連接的基礎上,並沒有重新新建連接。
代碼:
向CHttpLoginTestDlg.h中的class CHttpLoginTestDlg 中加入
private:
    // Returns the part of `str` that lies between the first occurrence of
    // `left` and the next occurrence of `right` after it.
    CString getMidStrByLeftAndRight(const CString &str, const CString &left, const CString &right);

private:
    // WinHTTP COM request object: created by the login handler and reused by
    // the "get info" handler for its follow-up request.
    IWinHttpRequestPtr pHttpReq;
    // Set to TRUE by the login handler when the login response contains the
    // welcome marker; checked before the account page is requested.
    BOOL bLogined;
CHttpLoginTestDlg.cpp:
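// Constructs the dialog: loads the application icon and starts with no
// request object and no logged-in state.
CHttpLoginTestDlg::CHttpLoginTestDlg(CWnd* pParent /*=NULL*/)
    : CDialogEx(CHttpLoginTestDlg::IDD, pParent)
{
    m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
    pHttpReq = NULL;
    bLogined = FALSE;
}

#import "C:\\Windows\\system32\\winhttp.dll" no_namespace

// Percent-encodes one application/x-www-form-urlencoded field value so that
// characters such as '&', '=', '%' or '+' typed by the user cannot split the
// field or add extra form parameters to the request body.
// NOTE(review): the value is encoded as UTF-8 bytes; confirm that this is the
// charset the server expects for non-ASCII input.
static CString UrlEncodeFormValue(const CString &value)
{
    const CStringA utf8(CW2A(CStringW(value), CP_UTF8));
    CStringA encoded;
    for (int i = 0; i < utf8.GetLength(); ++i)
    {
        const unsigned char ch = static_cast<unsigned char>(utf8[i]);
        const bool unreserved =
            (ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') ||
            (ch >= '0' && ch <= '9') ||
            ch == '-' || ch == '_' || ch == '.' || ch == '~';
        if (unreserved)
            encoded += static_cast<char>(ch);
        else
            encoded.AppendFormat("%%%02X", ch);
    }
    return CString(encoded);
}

// Copies the byte array returned by GetResponseBody() into a CString.
// The array is not NUL-terminated, so the bytes are copied with their exact
// length instead of being read as a C string. An empty string is returned
// when the variant does not hold a one-dimensional byte array.
static CString ResponseBodyToString(const _variant_t &body)
{
    CString text;
    if (body.vt != (VT_ARRAY | VT_UI1) || body.parray == NULL)
        return text;

    SAFEARRAY *bytes = body.parray;
    if (SafeArrayGetDim(bytes) != 1)
        return text;

    LONG lower = 0;
    LONG upper = -1;
    if (FAILED(SafeArrayGetLBound(bytes, 1, &lower)) ||
        FAILED(SafeArrayGetUBound(bytes, 1, &upper)))
        return text;

    const LONG count = upper - lower + 1;
    if (count <= 0)
        return text;

    void *data = NULL;
    if (FAILED(SafeArrayAccessData(bytes, &data)))
        return text;

    // The bounded copy appends its own terminator, so the conversion below
    // can never read past the end of the response buffer.
    const CStringA raw(static_cast<const char *>(data), static_cast<int>(count));
    SafeArrayUnaccessData(bytes);

    // As before, the text ends at the first NUL byte, if the body has one.
    text = raw;
    return text;
}

// Login button handler: posts the user name and password to the login page
// and sets bLogined when the response contains the welcome marker.
void CHttpLoginTestDlg::OnBnClickedLoginButton()
{
    CString username, passwd;
    GetDlgItemText(IDC_EDIT_USER, username);
    GetDlgItemText(IDC_EDIT_PASSWORD, passwd);
    if (username.IsEmpty() || passwd.IsEmpty())
    {
        MessageBox(_T("用戶名或密碼不能為空"), _T("提示"));
        return;
    }

    // CreateInstance() below replaces the request object, so whatever session
    // the previous object held is gone. Clear the flag first so that a failed
    // attempt cannot leave the dialog believing it is still logged in.
    bLogined = FALSE;

    // The #import wrapper methods report failures by throwing _com_error, so
    // checking the returned HRESULT alone does not catch a failed request.
    try
    {
        HRESULT hr = pHttpReq.CreateInstance(__uuidof(WinHttpRequest));
        if (FAILED(hr))
            return;

        // NOTE(review): this is a plain-HTTP URL, so the credentials cross the
        // network unencrypted. Use an https:// endpoint if the server has one.
        hr = pHttpReq->Open(_T("POST"), _T("http://www.idc3389.com/user/userlogin.asp"));
        if (FAILED(hr))
            return;

        // Required for a form POST: tells the server how the body is encoded.
        hr = pHttpReq->SetRequestHeader(_T("Content-Type"), _T("application/x-www-form-urlencoded"));
        if (FAILED(hr))
            return;

        // Build the form body from percent-encoded field values.
        CString strBody;
        strBody.Format(_T("username=%s&password=%s&x=12&y=10"),
                       (LPCTSTR)UrlEncodeFormValue(username),
                       (LPCTSTR)UrlEncodeFormValue(passwd));
        COleVariant varBody = strBody;
        hr = pHttpReq->Send(varBody);
        if (FAILED(hr))
            return;

        // Read the response and look for the welcome marker.
        const CString rspStr = ResponseBodyToString(pHttpReq->GetResponseBody());
        if (rspStr.Find(_T("歡迎您:")) != -1)
        {
            MessageBox(_T("登錄成功"));
            bLogined = TRUE;
        }
        else
            MessageBox(_T("登錄失敗"));
    }
    catch (const _com_error &e)
    {
        // Only the error code is traced; the request body holds the password.
        TRACE(_T("WinHTTP login request failed: 0x%08lX\n"),
              static_cast<unsigned long>(e.Error()));
    }
}

// "Get info" button handler: requests the account page with the request
// object used for login and shows the extracted form values in the dialog.
void CHttpLoginTestDlg::OnBnClickedGetinfoButton()
{
    if (!bLogined)
    {
        MessageBox(_T("尚未登錄!請先登錄!"), _T("提示"));
        return;
    }

    try
    {
        // The login request object is reused rather than recreated; presumably
        // it carries the session state the server set up at login.
        HRESULT hr = pHttpReq->Open(_T("GET"), _T("http://www.idc3389.com/user/modify.asp"));
        if (FAILED(hr))
            return;
        hr = pHttpReq->Send();
        if (FAILED(hr))
            return;

        const CString rspStr = ResponseBodyToString(pHttpReq->GetResponseBody());

        // Each value is taken from the value="..." attribute of the input
        // element with the given id.
        CString username = getMidStrByLeftAndRight(rspStr, _T("id=\"truename\" value=\""), _T("\""));
        CString email = getMidStrByLeftAndRight(rspStr, _T("id=\"email\" value=\""), _T("\""));
        CString addr = getMidStrByLeftAndRight(rspStr, _T("id=\"address\" value=\""), _T("\""));
        CString tel = getMidStrByLeftAndRight(rspStr, _T("id=\"tel\" value=\""), _T("\""));

        SetDlgItemText(IDC_STATIC_NAME, username);
        SetDlgItemText(IDC_STATIC_ADDR, addr);
        SetDlgItemText(IDC_STATIC_EMAIL, email);
        SetDlgItemText(IDC_STATIC_TEL, tel);
    }
    catch (const _com_error &e)
    {
        TRACE(_T("WinHTTP account request failed: 0x%08lX\n"),
              static_cast<unsigned long>(e.Error()));
    }
}

// Returns the text between the first occurrence of `left` in `str` and the
// next occurrence of `right` after it. Returns an empty string when either
// marker is not found.
CString CHttpLoginTestDlg::getMidStrByLeftAndRight(const CString &str, const CString &left, const CString &right)
{
    CString ret;

    int posLeft = str.Find(left);
    if (posLeft == -1)
        return ret;
    posLeft += left.GetLength(); // start of the wanted text

    const int posRight = str.Find(right, posLeft); // end of the wanted text
    if (posRight == -1)
        return ret;

    ret = str.Mid(posLeft, posRight - posLeft);
    return ret;
}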