I HATE THE WIKI EDITOR
IT CAN'T FORMAT PROPERLY
When you create a new spreadsheet file on Google Spreadsheet you send a message that looks like this:
GET /ccc?new HTTP/1.1 Host: spreadsheets.google.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://docs.google.com/ Cookie: PREF=ID=1f17d66f119fb4f0:FF=4:LD=en:NR=10:TM=1161114917:LM=1162254182:S=ylGDZuGAQTSeuMzo; rememberme=false; SID=DQAAAHYAAADDOsZ6RgYvJeotjzFYx852VuGDO8ASou0qciqroM8TR6E5_L9CL5OMvOe10GFjiPEGY0EMtZ5KtvCbySn3SVr9ykTBIExLBzM1JruGuE6bFOXwrNIvaqU_6tO9QdZoMF2VTgaQJT3o4poRzZjcybgM_bmLiCP-gn01em0C2TlSNQ; S=trix=oT-0_aMXqvI
The unnecessary fields will be dropped from the messages that follow.
The SID field appears to be the "token" that Google gives you when you successfully log in using your account. This SID does not change for the duration of the time you are logged in.
Google then redirects you to where you will actually work on the spreadsheet:
HTTP/1.1 302 Moved Temporarily
Set-Cookie: SID=DQAAAHYAAADDOsZ6RgYvJeotjzFYx852VuGDO8ASou0qciqroM8TR6E5_L9CL5OMvOe10GFjiPEGY0EMtZ5KtvCbySn3SVr9ykTBIExLBzM1JruGuE6bFOXwrNIvaqU_6tO9QdZoMF2VTgaQJT3o4poRzZjcybgM_bmLiCP-gn01em0C2TlSNQ;Domain=.google.com;Path=/ Location: tq9.spreadsheets.google.com/ccc?id=o16868970028933443399.4655106385849439743.06692026678955978477.5212236935598890946 Content-Length: 0 Server: GFE/1.3
Google includes the SID in the Set-Cookie field, but they have not changed the value of SID. So we aren't sure why it is included in the message.
What is interesting is that in addition to redirecting you to tq9.**** Google gives you a new id:
o16868970028933443399.4655106385849439743.06692026678955978477.5212236935598890946
This corresponds to four 16-digit HEX values, making it 256 bits.
Some other work we did reveals some structure to this value:
g527man invited captain527hero to edit his TESTER file. The ability to edit the file was sent in a Gmail message and encoded as a key:
spreadsheets.google.com/ccc?key=pa-qhveVeWcwonB8WhiTlMQ
Following this link generates the following:
GET /ccc?key=pa-qhveVeWcwonB8WhiTlMQ HTTP/1.1 Host: spreadsheets.google.com
HTTP/1.1 302 Moved Temporarily Location:http://8y3.spreadsheets.google.com/ccc?id=o14724904797486574187.3595320035840597032.06935471097158819231.1131768858183065257
A full 256 bit key is present
When I click on the TESTER file in Google Spreadsheet interface, the message sent is this:
GET /ccc?key=o14724904797486574187.3595320035840597032 HTTP/1.1 Host: spreadsheets.google.com Referer: http://docs.google.com/ Cookie: rememberme=false; PREF=ID=1f17d66f119fb4f0:FF=4:LD=en:NR=10:TM=1161114917:LM=1163287636:GM=1:S=hnKy-gTcfwf1uOmP; S=gmail=6DgLIUxcN84tfbbbBxD25g:gmail_yj=EWWjXJpY9D4waaYBHKsJ5Q:gmproxy=IsCHZjWrFrU:gmproxy_yj=W2S19UYI7qo:trix=PRKu5e7Bjx8; SID=DQAAAHkAAABm2A9xlGuMvaoiA8Yind4ppJop_UdBO66hjc6uI1sxSG7tqGSQhuf_1v7t4tW3-TNqe5PWDrZi-hxUv0mdyJmrEnyb9ID0ItNaltMYv4LJKX_zBjCJ-L16qxeIBCS70H0Imag7nuBJ2ATz_fAflaiK6e9AOlOkISHO6TJmMQpk6Q; S=gmail=6DgLIUxcN84tfbbbBxD25g:gmail_yj=wgHz90pJgJYR47WPmmPSnQ:gmproxy=Mmk6BLqZunE:gmproxy_yj=Daw04b6VMEU; TZ=360