-
Notifications
You must be signed in to change notification settings - Fork 0
GradeSpeed (ParentStudentConnect)
Houston ISD uses GradeSpeed for their students to access their grades. Other districts may use the same software, so the base URL used in the writing of this documentation is below.
Base URL: apps.houstonisd.org/ParentStudentConnect/
Empty, cookie is null
Status: 200 OK;
Set-Cookie header contains session id information.
ASP.NET_SessionId=zfstv242222wat45222falfb; path=/; HttpOnly
The form data, as far as I can tell, isn't arbitrary and is generated by browser javascript and/or on the server-side and must be retrieved from the DOM directly. They're long and necessary for login to be successful.
ctl00$ContentArea$txtUserName β student username
ctl00$ContentArea$txtPassword β student password
ctl00$ContentArea$btnLogin β Login
__EVENTTARGET β (empty string)
__EVENTARGUMENT β (empty string)
__VIEWSTATE β
/wEPD...8OI=
__VIEWSTATEGENERATOR β
125EDFF6
__PREVIOUSPAGE β
NrX...cl0
__EVENTVALIDATION β
/wEWC...SZ8=
Include Cookie data from / to proceed.
Wrong credentials in form data
Status: 200 OK;
Location header is empty/nonexistant to prevent redirection
Correct credentials in form data
Status: 302 Found;
Set-Cookie header contains valid .ASPXAUTH cookie and potentially others;
Location header contains /ParentStudentConnect/default.aspx, redirecting you to the home page to see your grades
Cookie is invalid, by whatever means, and won't present you with a home page.
Status: 302 Found;
Location header contains /ParentStudentConnect/login.aspx?ReturnUrl=%2fParentStudentConnect%2fPSCHome.aspx with the intent of having you login to continue.
Cookie is valid from logging in previously.
Status: 200 OK;
The response headers are completely uninteresting. You're in!