JavaScript is required to use Bungie.net

Group Avatar

BungieNetPlatform

"Updates, discussions, and documentation of the BungieNetPlatform API."

Request Join
originally posted in:BungieNetPlatform
5/19/2015 12:28:12 AM
1

So many cookies, not enough milk

So after a long and tedious process, I've gotten down the basics with public APIs but wanted to start looking at the private ones. Using a modified version of someone's PHP function I'm able to successfully authenticate. I also collect and save the cookies from the bungie sign in request which gives me [spoiler] [__cfduid] [bungled] [bungledid] [bunglecounts] [sto-id-sg_www_bungie_net] [/spoiler] Then I collect the cookies from the PSN auth [spoiler] [npsso] [bunglefrogblastventcore] [bunglecounts] [bunglesony] [bungleatk] [tk] [bungleme] [bungleloc] [lcin] [/spoiler] At this point, my authentication was successful, all of the sessions are closed. The cookies still saved. I now use curl or file_get_contents to make a private request, but i'm required to sign in. I know it has to do with the cookies i have, i just don't know what to pass and to where. I can set the headers using [spoiler]<?php $opts = array( 'http'=>array( 'method'=>"GET", 'header'=>"Accept-language: en\r\n" . "Cookie: foo=bar\r\n" ) ); $context = stream_context_create($opts);[/spoiler] Again, just not sure which cookies to use and what else i'd need to send or append to the url

Posting in language:

 

Play nice. Take a minute to review our Code of Conduct before submitting your post. Cancel Edit Create Fireteam Post

  • If you use curl for making one request you should use it for all of them to keep track of all the cookies. You should set the CURLOPT_COOKIEFILE and CURLOPT_COOKIEJAR values to the/a file to store them and use the same file whenever you make a request. Think of a cookie file as an incognito browsing session if that helps. I'd also recommend [i]not[/i] using streams in this scenario because you'll inevitably need to deal with managing all the cookies, encoding them, and putting the cookie string in the header for each request - cURL does that for you. Don't forget to add the x-csrf header to your requests with the value of the bungled cookie as the value for the that header.

    Posting in language:

     

    Play nice. Take a minute to review our Code of Conduct before submitting your post. Cancel Edit Create Fireteam Post

    5 Replies
    You are not allowed to view this content.
    ;
    preload icon
    preload icon
    preload icon