java – JSoup POST request – authorization problems


The task is to write an android client to work with this section of the site . However, I just can't log in to it. The jsoup library is used. So, to form a post-request, we have:

<form action="alogon.php" id="loginform" method="POST">
  <table border="0" cellpadding="0" cellspacing="0">
      <td width="158">
        <table width="100%" border="0" cellpadding="0" cellspacing="0">
                <label for="loginEnterToSite" class="labelLogin">№ читательского билета</label>
                <input name="id" value="" id="loginEnterToSite" type="text" style="width:143px;height:15px;">
                <label for="passwordEnterToSite" class="labelPass">ПИН - код</label>
                <input name="user_pass" id="passwordEnterToSite" value="" type="password" style="width:63px;height:15px">
      <td width="41">
        <input type="image" name="submit" src="menu/loginimage/sup5.gif" style="border-style:none">
      <td colspan=2>
        <input type=checkbox name=remember>Запомнить &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class='all_1' href="javascript:void(0);" onmouseover="Tip('<font color=#FF0000><b>Паролем является PIN код.</b></font><br><br>При утрате PIN кода необходимо обратиться в отдел &laquo;Учета и регистрации&raquo;.<br><br>Если у Вас нет PIN кода, то в качестве пароля можно использовать<br>первые буквы фамилии имени и отчества.<br><br>Например, читатель Iванов Євген Іванович,<br>читательский № 1234567 вводит номер Ч.Б. -<b><font color=#FF0000>1234567</font></b>, пароль - <b><font color=#FF0000>ІЄІ</font></b>', SHADOW, true, SHADOWWIDTH, 4, SHADOWCOLOR, '#007FFF')"

When registering with a browser, this is what happens in the headers:

>Request URL:ttp://  
>Request Method:POST  
>Status Code:302 Found  
>Remote Address:  
>**Response Headers**  
>Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0  
>Date:Thu, 09 Jun 2016 22:46:02 GMT  
>Expires:Thu, 19 Nov 1981 08:52:00 GMT  
>Keep-Alive:timeout=5, max=100  
>Server:Apache/2.2.22 (Debian)  
>Set-Cookie:login=43750; expires=Sat, 09-Jul-2016 22:46:03 GMT  
>Set-Cookie:pass=73a39915788ab7f0e842fa37f8536c72; expires=Sat, 09-Jul-2016 22:46:03 GMT  
>Set-Cookie:pc_id=1805; expires=Fri, 09-Jun-2017 22:46:03 GMT  
>**Request Headers**  
>Accept-Encoding:gzip, deflate  
>Cookie:PHPSESSID=2m26kdulqifq2tjt77fiihc8g5; pc_id=1805  
>User-Agent:Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 YaBrowser/ Safari/537.36  

In fields with links "http" has been changed to "ttp" due to lack of reputation.

The code used to authorize and receive cookies:

Connection.Response loginGet = Jsoup.connect("")

            Connection.Response loginPost = Jsoup.connect("")
                    .data("submit.x", "27")
                    .data("submit.y", "13")
                    .data("remember", "on")
                    .userAgent("Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 YaBrowser/ Safari/537.36")

            Log.d("ex","loginPost" + loginPost.cookies());
            Log.d("ex","loginGet" + loginGet.cookies());

When outputting cookies to logs, this is what I get:

 D/ex: loginPost{login=deleted, pass=deleted}
 D/ex: loginGet{PHPSESSID=t21o83o1336qk5ea4mhf2var27, pc_id=2185}

I can't figure out why I write login = deleted and pass = deleted. Could this be because the password is a combination of Cyrillic characters? If so, can you tell me how you can get around this? And if not, what could cause such a problem and what am I doing wrong?


Probably no one needs it, but suddenly. Here is a tried and tested solution:

Connection.Response loginPost = Jsoup.connect("")
                .data("id", login)
                .data("user_pass", password)
                .userAgent("Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 YaBrowser/ Safari/537.36")

It is .postDataCharset("windows-1251") fixes the error.

What's the matter: To send data in a POST request, they must first be encoded in a URL form (the so-called URL encoding ). This turns your Russian password into %C1%C0%D0 . (You can see this in the body of your browser request when authorizing)

When you make a GET request for /search , the header's Content-Type is text/html; charset=windows-1251 , which hints to the browser to continue communicating with the server in win1251 encoding, which it uses to encode your password as a URL.

However Jsoup doesn't know this and uses the standard utf-8 . And in utf-8, Russian is encoded differently. Thus, by explicitly specifying the encoding, the password is encoded correctly and the server approves the authorization.

Scroll to Top