Robot Web Services Cookie Management

Kienan123 · August 2021

Background Information

We have been struggling with cookie management with robot web services for some time. We have a python script that dose several things, but the result is IRC5 server constantly responds with the “Set Cookie ABBCX” resulting in a continues Login Log off cycle. As seen in the image below, note when using the Default User, the login log off is not displayed in the Events log.

I have developed applications in both JavaScript (running off HOME/docs folder) and python on remote computer. I’ve observed this issue with both types of aplacation with the JavaScrip being a bit harder to manage due to the browser not allowing access to the cookies (httponly).

To try and figure out this issue I’ve setup a simplified python program built off the developercenter cookie management example.

This issue is on some IRC5 controller it works fine on others it does not.

Proper Initial Connection

1. First contact

Server responds with session: -http-session-

2. Subsequent requests Provide cookie: -http-session-

Server responds with cookie: ABBCX

3. Subsequent requests Provide cookie: -http-session-, ABBCX

I currently have two real IRC5 than I’m working with, one unit always accepts the initial connection procedure, and one will always return a new cookie.

The question:

What causes the IRC5 to send a new ABBCX cookie even when the proper cookie is sent.
Are there internal setting that should be configured for RWS.
Documentation says “Failing to send the cookie in the subsequent request will result in "Service Unavailable" (503) error being returned by the controller” but the status code 200 will be sent with a new ABBCX for some time before elevating it to a 503 status. Is this normal

Any help from the community would be appreciated.

Note: the first request is sending a ABBCX from the last time my computer connected I've cleared them before and get the same result.

Header information from the IRC5 that keeps sending new ABBCX

Status Code: 200

################################

Sent Headers: {'User-Agent': 'python-requests/2.26.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'Authorization': 'Digest username="Default User", realm="validusers@robapi.abb", nonce="NDRhMmQxNjhjNDFjYTcxODp2YWxpZHVzZXJzQHJvYmFwaS5hYmI6MTdiMWM2MTVmMmQ6MA==", uri="/rw/iosystem/signals/doTest?json=1", response="2fab9ea7e86334b1611e977808718f02", opaque="799d5", algorithm="MD5", qop="auth", nc=00000001, cnonce="227e3491959e4406"'}

################################

Response Headers: {'Set-Cookie': '-http-session-=1::http.session::7af40f72b6f57dac2d279c7a6ef22ae0; path=/; domain=10.10.100.253; httponly, ABBCX=68; path=/; domain=10.10.100.253; httponly', 'Vary': 'Accept-Encoding', 'X-Frame-Options': 'SAMEORIGIN', 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff', 'Date': 'Fri, 06 Aug 2021 16:52:28 GMT', 'Cache-Control': 'no-cache="set-cookie", max-age=0, no-cache, no-store', 'Content-Length': '487', 'X-XSS-Protection': '1; mode=block', 'Connection': 'Keep-Alive', 'Pragma': 'no-cache', 'Expires': '-1', 'Accept-Ranges': 'bytes'}

################################

Status Code: 200

################################

Sent Headers: {'User-Agent': 'python-requests/2.26.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'Cookie': '-http-session-=1::http.session::7af40f72b6f57dac2d279c7a6ef22ae0; ABBCX=68'}

################################

Response Headers: {'Set-Cookie': 'ABBCX=69; path=/; domain=10.10.100.253; httponly', 'Vary': 'Accept-Encoding', 'X-Frame-Options': 'SAMEORIGIN', 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff', 'Date': 'Fri, 06 Aug 2021 16:52:28 GMT', 'Cache-Control': 'no-cache="set-cookie", max-age=0, no-cache, no-store', 'Content-Length': '487', 'X-XSS-Protection': '1; mode=block', 'Connection': 'Keep-Alive', 'Pragma': 'no-cache', 'Expires': '-1', 'Accept-Ranges': 'bytes'}

################################

Status Code: 200

################################

Sent Headers: {'User-Agent': 'python-requests/2.26.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'Cookie': '-http-session-=1::http.session::7af40f72b6f57dac2d279c7a6ef22ae0; ABBCX=69'}

################################

Response Headers: {'Set-Cookie': 'ABBCX=70; path=/; domain=10.10.100.253; httponly', 'Vary': 'Accept-Encoding', 'X-Frame-Options': 'SAMEORIGIN', 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff', 'Date': 'Fri, 06 Aug 2021 16:52:28 GMT', 'Cache-Control': 'no-cache="set-cookie", max-age=0, no-cache, no-store', 'Content-Length': '487', 'X-XSS-Protection': '1; mode=block', 'Connection': 'Keep-Alive', 'Pragma': 'no-cache', 'Expires': '-1', 'Accept-Ranges': 'bytes'}

################################

Press any key to continue . . .

Header information from the IRC5 that works as expected

Status Code: 200

################################

Sent Headers: {'User-Agent': 'python-requests/2.26.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'Authorization': 'Digest username="Default User", realm="validusers@robapi.abb", nonce="NmFiNTVhMmQzY2M2ZTQxNzp2YWxpZHVzZXJzQHJvYmFwaS5hYmI6MTdiMWM2YjIxODY6Nw==", uri="/rw/iosystem/signals/doTest?json=1", response="409d898d04a214ec3d9177c1c0dd0b2b", opaque="799d5", algorithm="MD5", qop="auth", nc=00000001, cnonce="200a4fc0835e368b"'}

################################

Response Headers: {'Set-Cookie': '-http-session-=5::http.session::463cb028134009007fcc5f72523f4fb2; path=/; domain=10.10.100.254; httponly, ABBCX=22; path=/; domain=10.10.100.254; httponly', 'Vary': 'Accept-Encoding', 'X-Frame-Options': 'SAMEORIGIN', 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff', 'Date': 'Fri, 06 Aug 2021 17:03:08 GMT', 'Cache-Control': 'no-cache="set-cookie", max-age=0, no-cache, no-store', 'Content-Length': '461', 'X-XSS-Protection': '1; mode=block', 'Connection': 'Keep-Alive', 'Pragma': 'no-cache', 'Expires': '-1', 'Accept-Ranges': 'bytes'}

################################

Status Code: 200

################################

Sent Headers: {'User-Agent': 'python-requests/2.26.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'Cookie': '-http-session-=5::http.session::463cb028134009007fcc5f72523f4fb2; ABBCX=22'}

################################

Response Headers: {'Vary': 'Accept-Encoding', 'X-Frame-Options': 'SAMEORIGIN', 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff', 'Date': 'Fri, 06 Aug 2021 17:03:08 GMT', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Content-Length': '461', 'X-XSS-Protection': '1; mode=block', 'Connection': 'Keep-Alive', 'Pragma': 'no-cache', 'Expires': '-1', 'Accept-Ranges': 'bytes'}

################################

Status Code: 200

################################

Sent Headers: {'User-Agent': 'python-requests/2.26.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'Cookie': '-http-session-=5::http.session::463cb028134009007fcc5f72523f4fb2; ABBCX=22'}

################################

Response Headers: {'Vary': 'Accept-Encoding', 'X-Frame-Options': 'SAMEORIGIN', 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff', 'Date': 'Fri, 06 Aug 2021 17:03:08 GMT', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Content-Length': '461', 'X-XSS-Protection': '1; mode=block', 'Connection': 'Keep-Alive', 'Pragma': 'no-cache', 'Expires': '-1', 'Accept-Ranges': 'bytes'}

################################

Press any key to continue . . .

Simplified Python code for testing cookie management

# -*- coding: utf-8 -*-

import sys, requests, json

from requests.auth import HTTPDigestAuth

import time

resp = requests.get("http://10.10.100.254/rw/iosystem/signals/doTest?json=1",

auth=HTTPDigestAuth("Default User","robotics"))

print('Status Code: ', resp.status_code)