Search code examples
pythonsessionwebsockettornado

Getting Access Denied after receiving valid session id

I have a working python/tk program that runs a cgi script based on user selection. I'm working to cut this down to a small script that just focuses on one particular cgi script. It appears to be getting the session id correctly but when I launch the browser I keep getting "access denied". As the other program works I not expecting any issues from the website. Any help will be appreciated.

UPDATE: If I use a debugger and set a breakpoint on the line print url the url printed in the console, as seen below, does work. I now know the session id token is good.

Also if I step into the webbrowser function and then step over after that the script also works.

Here is my code.

import json
import tornado.web
import tornado.websocket
from tornado import gen
import tornado.ioloop
import webbrowser
from struct import *

request_id = 71
ip_address = "10.22.4.14"


# ************************************************
# Procedure to open websocket and get session id
# ***********************************************
@gen.coroutine
def open_ws(ip, username, password):
    global client
    global request_id
    global session_id

    ws_url = "ws://" + ip + ":7011/"

    try:
        client = yield tornado.websocket.websocket_connect(ws_url, None, None, 5, None, None)
        # print("websocket %s open" % ws_url)
    except error:
        exit()

    # Send Mercury login request
    JSON = '{"requests":[{"request_id": %s, "login":{"username": "%s","password": "%s"}}]}' % (str(request_id), username, password)

    client.write_message(JSON)
    results = yield client.read_message()
    # print("msg is %s" % results)

    # Parse the response of login request to get the error code
    parsed_json = json.loads(results)
    err_code = parsed_json['responses'][0]['request_response']['result']['err_code']

    if 0 == err_code:
        # Parse the response of get_command_result to get the session id
        session_id = parsed_json['responses'][0]['request_response']['login']['session_id']
        # print("login succeeded - session id: %s" % session_id)
    else:
        print("login failed")
    # error_exit(err_code)


def get_token():
tornado.ioloop.IOLoop.instance().run_sync(lambda: open_ws(ip_address, 'admin', 'admin'))
    return session_id

session_id = get_token()
print "Token is " + session_id

url = "http://" + ip_address + "/scripts/dostuff.cgi?session=" + session_id
print url  # add breakpoint here

# launch browser
webbrowser.open(url)

Console output:

Token is 7zNSZX9liaUDFFN0ijn-LWQ8
http://10.222.4.14/scripts/dostuff.cgi?session=7zNSZX9liaUDFFN0ijn-LWQ8
Solution

  • Resolved. The script was ending therefore closing the socket before the browser had a chance to respond to the request