when I login, i find if i use a wrong username:
So we can use brute force to get the correct username beacuse the correct username has different response lenth
after we got the correct username,use the same way to get the correct password
302 redirect means we login successful