<<Previous: Submitting the Form Directly: | ↑Up: Primer URLs | Next>>: Checking for Bad Logins: |
Sometimes submitting the form directly is not sufficient. Forms on
web pages can contain dynamic hidden variables, such as
a viewstate
for session tracking. This means the form must be
opened, filled out, and submitted, instead of simply submitting a
pre-defined action URL.
This is achievable with the Custom Primer Variables setting. Instead of setting Custom Primer URL to the action of the login form, you set it to the URL of the page that contains the form. Custom Primer Variables is a URL-encoded list of name/value pairs to set on the Custom Primer URL page.
When Custom Primer Variables is set, the Custom Primer URL is fetched, and then the variables specified in Custom Primer Variables are used on the form, and then that form is submitted.
For example, let's say there's a pleaseLogin.asp
page that
submits to checkLogin.asp
, and the form contains a dynamic
state that has to be included or checkLogin.asp
will reject the
login. If you set Custom Primer URL to
http://login.acme.com/pleaseLogin.asp
and set Custom Primer Variables to
User=Admin&Pass=open%26close
The pleaseLogin.asp
page will be fetched, the form field
User
will be set to Admin
and Pass
will be set to
open&close
(note the URL-encoding), and then the form on the
pleaseLogin.asp
page will be submitted, going to
checkLogin.asp
.
This means that if the form on pleaseLogin.asp
contains
<input type="hidden" name="sessionstate" value="abc123xyz"/>
then that hidden variable will be submitted along with the rest of the form.
Note: After version
8.0.4
(2012-07-13) the Parametric Search Appliance will set the HTTP(S) Referer
header
for each primer URL to the URL of the previously used primer. So authentication
systems that require Referer
s will work. If the first primer URL also
requires a Referer
add a primer URL before that so it picks up that
as the Referer
.
This does not affect the use of Referer
in the main walk.
<<Previous: Submitting the Form Directly: | ↑Up: Primer URLs | Next>>: Checking for Bad Logins: |