Code:
Retrieved: https://www.kingdomofloathing.com/login.php
Field: Set-Cookie = [PHPSESSID=i9tr5te1hhk7084d7do6s877h3; path=/, AWSALB=1HOUaMRO89JYkb8nBfrsK6maRGcdoJpTOmxa/LEVbQsBnwi1jPq7jvG2jw1m4p1SR7Y35Wq/dUKVBG5RcvMu7Zw89U1RAeBkZlIkGP/8hVnXCmkWUxfEvuveJZfB; Expires=Fri, 16-Sep-2016 15:43:04 GMT; Path=/]
Requesting: https://www.kingdomofloathing.com/actionbar.php?action=fetch
Field: Cookie = [PHPSESSID=i9tr5te1hhk7084d7do6s877h3; AWSALB=1HOUaMRO89JYkb8nBfrsK6maRGcdoJpTOmxa/LEVbQsBnwi1jPq7jvG2jw1m4p1SR7Y35Wq/dUKVBG5RcvMu7Zw89U1RAeBkZlIkGP/8hVnXCmkWUxfEvuveJZfB]
Retrieved: https://www.kingdomofloathing.com/actionbar.php?action=fetch
Field: Set-Cookie = [AWSALB=V4c03V6GLYrGmSitogQrJu2feuDxvRmeW6sFdN/ABUhwbUdou8pV9GEnYz/I4l5fYs7i0jeRqwcQD8wa1jTqmzK4Jea1c+JKmesbDC0HK9sYTAGP4Ay8wwu1Nnfc; Expires=Fri, 16-Sep-2016 15:43:05 GMT; Path=/]
Requesting: https://www.kingdomofloathing.com/main.php
Field: Cookie = [PHPSESSID=i9tr5te1hhk7084d7do6s877h3; AWSALB=1HOUaMRO89JYkb8nBfrsK6maRGcdoJpTOmxa/LEVbQsBnwi1jPq7jvG2jw1m4p1SR7Y35Wq/dUKVBG5RcvMu7Zw89U1RAeBkZlIkGP/8hVnXCmkWUxfEvuveJZfB]
Retrieved: https://www.kingdomofloathing.com/main.php
Field: Set-Cookie = [AWSALB=JCauxk6DlvPxf1rUq0GcQDO30KVSywyCikajRODMRA3CrhC67AVen5Lt5KBAeCTw4+d/JDXtyFznG6fGsyg2cEzPUerg0TEMDcY9+7mnHS3CkPQc+IxCLkEjnR3O; Expires=Fri, 16-Sep-2016 15:43:06 GMT; Path=/]
Requesting: https://www.kingdomofloathing.com/topmenu.php
Field: Cookie = [PHPSESSID=i9tr5te1hhk7084d7do6s877h3; AWSALB=1HOUaMRO89JYkb8nBfrsK6maRGcdoJpTOmxa/LEVbQsBnwi1jPq7jvG2jw1m4p1SR7Y35Wq/dUKVBG5RcvMu7Zw89U1RAeBkZlIkGP/8hVnXCmkWUxfEvuveJZfB]
Notice that we get PHPSESSID and save it, as always.
We are also given AWSALB and save it - and give it back with every request.
Every response seems to give us a new value for that cookie, but we don't seem to overwrite our saved copy; we continue to give the original one back.
Opening the Relay Browser:
Code:
GET /game.php HTTP/1.1
Cookie: AWSALB=jbflV9ajOq+M2tOjt9+kT7U8149q0KRRJjWgx41SSPwql1gbaAnrw5n3fQivBlb75sIU0qRInjXGfK5kV+SsF4OOdYWE2JOWQiprmReE4xrOkuiJGWWWrMaHBMVB
Requesting: https://www.kingdomofloathing.com/game.php
Field: Cookie = [AWSALB=jbflV9ajOq+M2tOjt9+kT7U8149q0KRRJjWgx41SSPwql1gbaAnrw5n3fQivBlb75sIU0qRInjXGfK5kV+SsF4OOdYWE2JOWQiprmReE4xrOkuiJGWWWrMaHBMVB; PHPSESSID=i9tr5te1hhk7084d7do6s877h3; AWSALB=1HOUaMRO89JYkb8nBfrsK6maRGcdoJpTOmxa/LEVbQsBnwi1jPq7jvG2jw1m4p1SR7Y35Wq/dUKVBG5RcvMu7Zw89U1RAeBkZlIkGP/8hVnXCmkWUxfEvuveJZfB]
Retrieved: https://www.kingdomofloathing.com/game.php
Field: null = [HTTP/1.1 302 Moved Temporarily]
Field: Location = [login.php?notloggedin=1]
Field: Set-Cookie = [AWSALB=AEgGAIbZ3iyU906pXyBdQHIDnRJX0SxNLWiCjSUB6ZO9vxbGgMBAr2k3zQg/ym6xtGDfLl/p/K7jyR1y7+tLolLxAQ7Ei7GMI6LpEWKDh54TuFZpc9rRqBidFFLa; Expires=Fri, 16-Sep-2016 15:43:25 GMT; Path=/]
The Browser does a GET and passes up its saved value of the AWSALB cookie.
KoLmafia puts that in the cookie string - and appends its PHPSESSID and its originally save AWSALB cookie.
KoL responds with a redirect to login.php and a new AWSALB cookie.
1) We should update AWSALB every time we get a new one.
2) We should ignore the browser's AWSALB (and PHPSESSID) and just use our own.
The result of the current situation, for me, is that, after multiple retries, we pass down the notloggedin to the browser and Firefox asks me what to do with the "php" file it wants.
The issue seems to be that LoginRequest.processLoginRequest looks at the Set-Cookie header and assumes that everything there is the "serverCookie". When the only thing there was PHPSESSID, yes. But now there is ALSO a AWSALB cookie there.
Perhaps we should save serverCookie to exclude the AWSALB cookie and save that one separately - and also reparse every time we get a Set-Cookie. Or something.
I'm out for the rest of the afternoon. Perhaps I can look at this again in the evening.