POST request with sent form data does not return correct response

Question

I´m trying to log in to a website using my account. In python code, I use:

login_response = session.post('mysite.com', login_data, cookies=session.cookies)

where session is a requests session object, the cookies are exactly the cookies that are also sent when I try the same in a browser (it´s two specific cookies that are sent by the browser as part of the request when I log in), and login_data is a dictionary of form data that is sent in the post request.

However, the expected response is: code 303, a redirect link is sent, and two new cookies (that are the use login session). This is what happens in the browser. When I want to do this with the code above, I get instead code 200, no redirect link, and no cookies. It´s as if the site just 'reloads'. The form data itself (password + user) is correct.

I read the request content from my browser:

-----------------------------366521339228594542373308740035
Content-Disposition: form-data; name="login__standard_submitted"

1
-----------------------------366521339228594542373308740035
Content-Disposition: form-data; name="csrfKey"

2fcc7af2aa54f0e3ab85a6bdeca26f98
-----------------------------366521339228594542373308740035
Content-Disposition: form-data; name="ref"

aHR0cHM6Ly9jcmltZW1hcmtldC53by8=
-----------------------------366521339228594542373308740035
Content-Disposition: form-data; name="MAX_FILE_SIZE"

20971520
-----------------------------366521339228594542373308740035
Content-Disposition: form-data; name="plupload"

92ee7fd8f0a2249c2327184c5b95d6c9
-----------------------------366521339228594542373308740035
Content-Disposition: form-data; name="auth"

myusername
-----------------------------366521339228594542373308740035
Content-Disposition: form-data; name="password"

password
-----------------------------366521339228594542373308740035
Content-Disposition: form-data; name="remember_me"

0
-----------------------------366521339228594542373308740035
Content-Disposition: form-data; name="remember_me_checkbox"

1
-----------------------------366521339228594542373308740035--

The data I get from this, I just wrote into a dictionary of key: values, e.g.

'auth': 'myusername'

Again a tl;dr: I send the right cookies and what I observed as seemingly correct data when performing the POST request in code. However, I get an entirely different result than in the browser, and fail to log in.

Did I misunderstand something? What do I need to change to log in by code?

EDIT: In the headers, I also set 'Content-Type' to 'multipart/form-data', just as in the browser. EDIT 2: Instead if I set login_data with files=, it still doesn´t work.

Answer 1

I wonder if your session object is sending an http: request and should instead send a https: request. This could lead to a redirect with 303 response. The "requests" package seems to handle this type of response.

import requests
res = requests.get('http://google.com')
print(res.url)

res = requests.get('http://stackoverflow.com')
print(res.url)

The output to those above are

http://www.google.com/
https://stackoverflow.com/

Answer 2

From what I have seen you have to use files= to send a multipart/form-data request using request.post however you have to use tuples and set the filename to NOne so they are not sent as files.

login_data = (
    ('login__standard_submitted', (None, '1')),
    ('csrfKey', (None, '2fcc7af2aa54f0e3ab85a6bdeca26f98')),
    ('ref', (None, 'aHR0cHM6Ly9jcmltZW1hcmtldC53by8')),
    ...
)
login_response = session.post('mysite.com', files=login_data, cookies=session.cookies)