以http://www.idc3389.com为例:
效果图:
使用Fiddler工具进行抓包,截图:
可以发现:
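1.cookie并没有用作用户身份识别,因为登录前后的cookie并没有发生改变(注意:cookie不变只说明登录时没有下发新的cookie;如果服务器在登录前就已下发会话cookie,并在登录后把同一会话标记为已登录,那么该cookie仍然参与身份识别,而且登录后不更换会话标识存在会话固定的风险)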
如果使用cookie用于用户身份认证,则登录前后cookie肯定不同,以博客园为例:
2.Connection始终保持为keep-alive。也就是说客户端和服务器只建立了一次连接,后续的请求都复用当前连接,并没有重新建立连接。
代码:
向CHttpLoginTestDlg.h中的class CHttpLoginTestDlg 中加入
private:
	// Returns the part of str that lies between the first occurrence of left
	// and the next occurrence of right after it; the implementation returns an
	// empty string when either marker is not found.
	CString getMidStrByLeftAndRight(const CString &str, const CString &left, const CString &right);

private:
	// WinHTTP request object. It is created in the login handler and the same
	// object is reused by the get-info handler for the follow-up request.
	IWinHttpRequestPtr pHttpReq;
	// Set to TRUE by the login handler when the login response contains the
	// welcome marker; the get-info handler refuses to run while it is FALSE.
	BOOL bLogined;
CHttpLoginTestDlg.cpp:
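// Dialog constructor: loads the application icon and starts in the logged-out
// state with no WinHTTP request object.
CHttpLoginTestDlg::CHttpLoginTestDlg(CWnd* pParent /*=NULL*/)
	: CDialogEx(CHttpLoginTestDlg::IDD, pParent)
{
	m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
	pHttpReq = NULL;
	bLogined = FALSE;
}

#import "C:\Windows\system32\winhttp.dll" no_namespace

// Percent-encodes one application/x-www-form-urlencoded field value, so that
// characters such as '&', '=', '%' or '+' typed by the user cannot change the
// structure of the POST body (extra or truncated form fields).
// NOTE(review): in a Unicode build non-ASCII input is encoded from its UTF-8
// bytes; confirm the charset the server expects for such input.
static CString urlEncodeFormValue(const CString &value)
{
	static const TCHAR kHex[] = _T("0123456789ABCDEF");

	const CStringA bytes(CT2A(value, CP_UTF8));
	CString encoded;
	for (int i = 0; i < bytes.GetLength(); ++i)
	{
		const unsigned char ch = static_cast<unsigned char>(bytes[i]);
		const bool unreserved =
			(ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') ||
			(ch >= '0' && ch <= '9') ||
			ch == '-' || ch == '_' || ch == '.' || ch == '~';
		if (unreserved)
		{
			encoded += static_cast<TCHAR>(ch);
		}
		else
		{
			encoded += _T('%');
			encoded += kHex[ch >> 4];
			encoded += kHex[ch & 0x0F];
		}
	}
	return encoded;
}

// Copies the byte array returned by GetResponseBody() into a CString.
// The SAFEARRAY payload carries no terminating NUL, so the bytes are copied
// with their explicit length instead of being read as a C string. Returns an
// empty string when the variant is not a one-dimensional byte array.
static CString responseBodyToString(const _variant_t &body)
{
	CString text;
	if (body.vt != (VT_ARRAY | VT_UI1) || body.parray == NULL || body.parray->cDims != 1)
		return text;

	const ULONG length = body.parray->rgsabound[0].cElements;
	if (length == 0 || length > 0x7FFFFFFF)
		return text;

	void *data = NULL;
	if (FAILED(SafeArrayAccessData(body.parray, &data)))
		return text;

	// Bounded copy: exactly `length` bytes, CStringA appends the terminator.
	const CStringA raw(static_cast<const char*>(data), static_cast<int>(length));
	SafeArrayUnaccessData(body.parray);

	// Same narrow-to-TCHAR conversion path as assigning a char* to a CString.
	text = raw.GetString();
	return text;
}

// Login button handler: posts the credentials from the dialog to the login
// page and records success in bLogined when the response contains the
// welcome marker.
void CHttpLoginTestDlg::OnBnClickedLoginButton()
{
	CString username, passwd;
	GetDlgItemText(IDC_EDIT_USER, username);
	GetDlgItemText(IDC_EDIT_PASSWORD, passwd);
	if (username.IsEmpty() || passwd.IsEmpty())
	{
		MessageBox(_T("用户名或密码不能为空"), _T("提示"));
		return;
	}

	// A new request object is created below, so any earlier session is gone;
	// do not let a previous success leave bLogined set.
	bLogined = FALSE;

	try
	{
		HRESULT hr = pHttpReq.CreateInstance(__uuidof(WinHttpRequest));
		if (FAILED(hr)) return;

		// NOTE(review): the credentials travel over plain http://, readable by
		// anyone on the network path; use an https:// endpoint if the site has one.
		hr = pHttpReq->Open(_T("POST"), _T("http://www.idc3389.com/user/userlogin.asp"));
		if (FAILED(hr)) return;

		// Required for a form POST; without it the server will not parse the body.
		hr = pHttpReq->SetRequestHeader(_T("Content-Type"), _T("application/x-www-form-urlencoded"));
		if (FAILED(hr)) return;

		// Build the form body from percent-encoded values.
		CString strBody;
		strBody.Format(_T("username=%s&password=%s&x=12&y=10"),
			(LPCTSTR)urlEncodeFormValue(username),
			(LPCTSTR)urlEncodeFormValue(passwd));
		COleVariant varBody = strBody;
		hr = pHttpReq->Send(varBody);
		if (FAILED(hr)) return;

		const CString rspStr = responseBodyToString(pHttpReq->GetResponseBody());
		if (rspStr.Find(_T("欢迎您:")) != -1)
		{
			MessageBox(_T("登录成功"));
			bLogined = TRUE;
		}
		else
			MessageBox(_T("登录失败"));
	}
	catch (const _com_error &)
	{
		// The wrapper methods generated by #import report failures (for example
		// an unreachable server) by throwing _com_error rather than through hr.
		MessageBox(_T("请求失败"), _T("提示"));
	}
}

// Get-info button handler: after a successful login, fetches the profile page
// with the same request object and shows the extracted fields in the dialog.
void CHttpLoginTestDlg::OnBnClickedGetinfoButton()
{
	if (!bLogined)
	{
		MessageBox(_T("尚未登录!请先登录!"), _T("提示"));
		return;
	}

	try
	{
		HRESULT hr = pHttpReq->Open(_T("GET"), _T("http://www.idc3389.com/user/modify.asp"));
		if (FAILED(hr)) return;

		hr = pHttpReq->Send();
		if (FAILED(hr)) return;

		const CString rspStr = responseBodyToString(pHttpReq->GetResponseBody());

		// Each field is the value="..." attribute of the input with the given id.
		CString username = getMidStrByLeftAndRight(rspStr, _T("id=\"truename\" value=\""), _T("\""));
		CString email = getMidStrByLeftAndRight(rspStr, _T("id=\"email\" value=\""), _T("\""));
		CString addr = getMidStrByLeftAndRight(rspStr, _T("id=\"address\" value=\""), _T("\""));
		CString tel = getMidStrByLeftAndRight(rspStr, _T("id=\"tel\" value=\""), _T("\""));

		SetDlgItemText(IDC_STATIC_NAME, username);
		SetDlgItemText(IDC_STATIC_ADDR, addr);
		SetDlgItemText(IDC_STATIC_EMAIL, email);
		SetDlgItemText(IDC_STATIC_TEL, tel);
	}
	catch (const _com_error &)
	{
		// See the login handler: request failures arrive as _com_error.
		MessageBox(_T("请求失败"), _T("提示"));
	}
}

// Returns the text between the first occurrence of `left` and the next
// occurrence of `right` that follows it; returns an empty string when either
// marker is missing.
CString CHttpLoginTestDlg::getMidStrByLeftAndRight(const CString &str, const CString &left, const CString &right)
{
	CString ret;

	int posLeft = str.Find(left);
	if (posLeft == -1)
		return ret;
	posLeft += left.GetLength();	// start of the wanted substring

	const int posRight = str.Find(right, posLeft);	// end of the wanted substring
	if (posRight == -1)
		return ret;

	ret = str.Mid(posLeft, posRight - posLeft);
	return ret;
}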