Logo

Parametric Search Appliance

This is custom script. Do not install updates.

 

Thunderstone Search Appliance Manual

<<Previous: Submitting the Form Directly: ↑Up: Primer URLs Next>>: Checking for Bad Logins:

Filling Out the Form: Custom Primer Variables

Sometimes submitting the form directly is not sufficient. Forms on web pages can contain dynamic hidden variables, such as a viewstate for session tracking. This means the form must be opened, filled out, and submitted, instead of simply submitting a pre-defined action URL.

This is achievable with the Custom Primer Variables setting. Instead of setting Custom Primer URL to the action of the login form, you set it to the URL of the page that contains the form. Custom Primer Variables is a URL-encoded list of name/value pairs to set on the Custom Primer URL page.

When Custom Primer Variables is set, the Custom Primer URL is fetched, and then the variables specified in Custom Primer Variables are used on the form, and then that form is submitted.

For example, let's say there's a pleaseLogin.asp page that submits to checkLogin.asp, and the form contains a dynamic state that has to be included or checkLogin.asp will reject the login. If you set Custom Primer URL to

http://login.acme.com/pleaseLogin.asp

and set Custom Primer Variables to

User=Admin&Pass=open%26close

The pleaseLogin.asp page will be fetched, the form field User will be set to Admin and Pass will be set to open&close (note the URL-encoding), and then the form on the pleaseLogin.asp page will be submitted, going to checkLogin.asp.

This means that if the form on pleaseLogin.asp contains

<input type="hidden" name="sessionstate" value="abc123xyz"/>

then that hidden variable will be submitted along with the rest of the form.

Note: After version 8.0.4 (2012-07-13) the Parametric Search Appliance will set the HTTP(S) Referer header for each primer URL to the URL of the previously used primer. So authentication systems that require Referers will work. If the first primer URL also requires a Referer add a primer URL before that so it picks up that as the Referer. This does not affect the use of Referer in the main walk.


Copyright © Thunderstone Software     Last updated: Jul 28 2017

<<Previous: Submitting the Form Directly: ↑Up: Primer URLs Next>>: Checking for Bad Logins:
Page generated in 0.08 seconds.
2024-11-23 18:38:16 EST