locked
Invoke-WebRequest - Cookies destroyed? RRS feed

  • Question

  • Hi,

    I'm trying to logon to a Wordpress site with Powershell 3.0 using Invoke-WebRequest. The http requests work as expected, but most the cookies seem to be destroyed:

    • when I read out the „Set-Cookie“-header, I get a plus („+“) –Sign instead of the cookie value
    • the expiration sent from the server is replaced by the actual time
    • the “Max-Age” value is replaced by a negative value

    Example:

    Header as recorded using Wireshark:

    Set-Cookie: wordpress_f57b6674bc951736bc82217a5a51578d=wpadmin%7C1440587883%7C9UZclB1jk4KoQ8HmtU2H9QX4QatjWNDwQweJHiP3iLh%7C98b41679d491b9e6233508b646807f70ffcbdb99409152081e7da336dc2e8764; expires=Wed, 26-Aug-2015 23:18:03 GMT; Max-Age=1252800; path=/wp-admin; httponly

    Same cookie in request returned by Invoke-WebRequest

    wordpress_f57b6674bc951736bc82217a5a51578d=+; expires=Tue, 12-Aug-2014 11:18:04 GMT; Max-Age=-31536000; path=/wp-admin

    Even the cookies in SessionVariable are incomplete: only one with path=/ can be found in the SessionVariable, all the others which are destroyed as described above are not in the SessionVariable. As a consequence, the Logon never works...

     

    Any ideas what I am doing wrong?

     

    Code example:

    $hostname="https://my.wordpress.com";
    
    $login_url= "$hostname/wp-login.php"
    
    $r = Invoke-WebRequest $login_url -SessionVariable wp_session
    
    $login_form = $r.Forms[0];
    $login_form.Fields.log="myusername"
    $login_form.Fields.pwd="mysecretpassword!"
    
    $r=Invoke-WebRequest  -uri $login_url -Headers $HTTPHeaders -Method Post -WebSession $wp_session  -Body $login_form.Fields
    
    $r.Headers["Set-Cookie"]

    Wednesday, August 12, 2015 11:32 AM

Answers