[...]
Thanks for your explanation. I did "curl -c" but no luck as it
doesn't have any cookie.
curl -c mycookie " http://<link>/login1.html?a=%3F<username>%2B%2F%40&b=%3F<password>%2B%2F%40
"
# ls mycookie
ls: cannot access 'mycookie': No such file or directory
whereas I can see during curl operation
[....]
<body onload="load();">
<form name="myform" method="post" action="http://<link>/login">
<input type="hidden" name="username" />
<input type="hidden" name="password"/>
</form>
</body>
[/...]
The form leads explicitly to a POST request. This is one where
the data is sent in the HTTP body (and not as query parameters
in the URL, as your curl command above is trying).
Some web frameworks accept (equivalently) both variants, some
not.
Try sending as a POST request:
curl -X POST -c mycookie \
-d username=<user> -d password=<pass> \
http://<link>/login
(replacing, of course <user>, <pass>, <link> by more interesting
values. I've broken up the long line with backslashes, don't type
in those).
For more on the -d option and its cousins, look them up in the
curl man page under --data, --data-ascii, --data-binary and
friends.
Is anything in the cookiejar yet?