我写了这段代码来强制dvwa的登录页面，但它打印的只是第一页的HTML 它坏了，谁能告诉我为什么

import requests
import re

m1 = re.compile(r'<input type='hidden' name='user_token' value='.+' />')

url = 'http://192.168.43.116/dvwa/login.php'

with requests.Session() as s:

    headers = {'Host': '192.168.43.116', 'User-Agent': 'Mozilla/5.0 (X11; Linux aarch64; rv:78.0) Gecko/20100101 Firefox/78.0', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', 'Accept-Language': 'en-US,en;q=0.5', 'Accept-Encoding': 'gzip, deflate',
               'Content-Type': 'application/x-www-form-urlencoded', 'Content-Length': '88', 'Origin': 'http://192.168.43.116', 'Connection': 'keep-alive', 'Referer': 'http://192.168.43.116/dvwa/login.php', 'Cookie': 'security=low; PHPSESSID=hilrjd0eoc1e8vdjtsfh6efefm', 'Upgrade-Insecure-Requests': '1'}
    r = s.post(url, verify=False)
    ssid = requests.utils.dict_from_cookiejar(s.cookies)['PHPSESSID']
    token = m1.search(r.text).group(0)[46:-4]
    print(token)

    cookie = {'security': 'low', 'PHPSESSID': '{id}'.format(id=ssid)}

    data = {'username': 'admin', 'password': 'password',
            'Login': 'Login', 'user_token': '{token}'.format(token=token)}
    res2 = requests.post(url, headers=headers, cookies=cookie, json=data)
    print(res2.text)
    print(res2)