posted 20 years ago
I have a simple program that submits a POST request to a web site. The page being accessed is a LogIn page. I have configured the request from my program to set all the request parameters and HTTP headers that would be set if the user was using a regular browser in order to fool the web site into thinking the request originated from a browser. When the request is made, the web site responds with content which, after dumping to a flat file, produces a page which instucts the user that their browser must be set to accept cookies.
I can't understand how the web site determined that I did not have cookies enabled. From the servers perspective, you need at least 1 1/2 rounds trip requests in order to determine if the browser has cookies enabled. In the first reponse, the web site will send a "Set-Cookie" header containing a sessions id which instructs the browser to resend this header for all subsequest requests. But in my case, I never see the "Set-Cookie" header, not even in the first response. I'm definitely looking for it, but I never see it.
The server must have a method for determining if cookies are enabled or not, even before the first response if committed, but there must be a way to fool the server.