HTTPWebRequest and "X_Session"?

Question

I am new to interacting with a webpage in C#. I have come across a problem where a server returns a 401 unauthorized access exception, even though I provided correct credentials. I have traced the source of my problem to something called an "X_Session" as in below:

How would I generate one of these?

The code I currently have is:

    private void snd_Click(object sender, EventArgs e)
    {         
        string pnum = number.Text;
        string msg = text.Text;

        StringBuilder postData = new StringBuilder();
        postData.Append("%7B%22contact_value%22%3A%22" + pnum + "%22%2C");
        postData.Append("%22contact_type%22%3A2%2C");
        postData.Append("%22message%22%3A%22" + msg + "%22%2C");
        postData.Append("%22read%22%3A1%2C");
        postData.Append("%22message_direction%22%3A2%2C");
        postData.Append("%22message_type%22%3A1%2C");
        postData.Append("%22date%22%3A%22Sat+Nov+30+2013+13%3A20%3A44+GMT-0800+(Pacific+Standard+Time)%22%2C");
        postData.Append("%22from_name%22%3A%22[redacted name]%22%7D");

        UTF8Encoding encoding = new UTF8Encoding();
        byte[] byData = encoding.GetBytes(postData.ToString());

        HttpWebRequest req = (HttpWebRequest)WebRequest.Create(new Uri("https://www.textnow.com/api/users/[redacted username]/messages"));
        WebResponse response = null;

        req.ProtocolVersion = HttpVersion.Version11;

        System.Net.NetworkCredential netCredential =
    new System.Net.NetworkCredential("[redacted username]", "[redacted password]");
        req.Credentials = netCredential;

        req.PreAuthenticate = true;
        req.KeepAlive = true;
        req.Method = "OPTIONS";
        req.Host = "www.textnow.com";
        req.Accept = "*/*";
        req.Headers.Add("Accept-Encoding", "gzip,deflate,sdch");
        req.Headers.Add("Accept-Language", "en-US,en;q=0.8");
        req.Headers.Add("Access-Control-Request-Headers","accept, origin, x_session, content-type");
        req.Headers.Add("Access-Control-Request-Method","POST");
        response = (HttpWebResponse)req.GetResponse();


        HttpWebRequest mreq = (HttpWebRequest)WebRequest.Create(new Uri("https://www.textnow.com/api/users/csharpautomaton/messages"));
        mreq.Method = "POST";
        mreq.Host = "www.textnow.com";
        mreq.ProtocolVersion = HttpVersion.Version11;
        mreq.Accept = "application/json, text/javascript, */*; q=0.01";
        mreq.Headers.Add("Accept-Encoding","gzip,deflate,sdch");
        mreq.Headers.Add("Accept-Language", "en-US,en;q=0.8");
        mreq.UserAgent = "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13";
        mreq.Credentials = netCredential;

        mreq.ContentType = "application/x-www-form-urlencoded; charset=UTF-8";

        mreq.Referer = "https://www.textnow.com/api/users/[redacted username]/messages";
        mreq.AllowAutoRedirect = true;
        mreq.KeepAlive = true;


        mreq.ContentType = "application/x-www-form-urlencoded; charset=UTF-8";

        Stream sw = mreq.GetRequestStream();
        sw.Write(byData,0,byData.Length);
        sw.Close();
        response = (HttpWebResponse)mreq.GetResponse();


    }

Answer 1

Who created the X_session value in the sample you posted?

Whoever created that value will know what the rules are for creating it. It was probably setup on some prior request and saved for later use.