How to Set the Cookie Content with Curl

How to use cURL to send Cookies?

This worked for me:

curl -v --cookie "USER_TOKEN=Yes" http://127.0.0.1:5000/

I could see the value in backend using

print(request.cookies)

Is it possible to set the cookie content with CURL?

You really should read the documentation - it's listed with exactly the keywords you'd expect and contains a lot of helpful info:

-b, --cookie

(HTTP) Pass the data to the HTTP server as a cookie. It is supposedly
the data previously received from the server in a "Set-Cookie:" line.
The data should be in the format "NAME1=VALUE1; NAME2=VALUE2".

If no '=' symbol is used in the line, it is treated as a filename to
use to read previously stored cookie lines from, which should be used
in this session if they match. Using this method also activates the
"cookie parser" which will make curl record incoming cookies too,
which may be handy if you're using this in combination with the -L,
--location option. The file format of the file to read cookies from should be plain HTTP headers or the Netscape/Mozilla cookie file
format.

NOTE that the file specified with -b, --cookie is only used as input.
No cookies will be stored in the file. To store cookies, use the -c,
--cookie-jar option or you could even save the HTTP headers to a file using -D, --dump-header!

If this option is set more than once, the last one will be the one
that's used.

Save cookies between two curl requests

Use the --cookie-jar or --dump-header parameter to save received cookies to a file. The --cookie parameter can read back the cookies from that file later.

-b, --cookie <name=data>

(HTTP) Pass the data to the HTTP server as a cookie. It is supposedly the data previously received from the server in a "Set-Cookie:" line. The data should be in the format "NAME1=VALUE1; NAME2=VALUE2".

If no '=' symbol is used in the line, it is treated as a filename to use to read previously stored cookie lines from, which should be used in this session if they match. Using this method also activates the cookie engine which will make curl record incoming cookies too, which may be handy if you're using this in combination with the -L, --location option. The file format of the file to read cookies from should be plain HTTP headers (Set-Cookie style) or the Netscape/Mozilla cookie file format.

The file specified with -b, --cookie is only used as input. No cookies will be written to the file. To store cookies, use the -c, --cookie-jar option.

Exercise caution if you are using this option and multiple transfers may occur. If you use the NAME1=VALUE1; format, or in a file use the Set-Cookie format and don't specify a domain, then the cookie is sent for any domain (even after redirects are followed) and cannot be modified by a server-set cookie. If the cookie engine is enabled and a server sets a cookie of the same name then both will be sent on a future transfer to that server, likely not what you intended. To address these issues set a domain in Set-Cookie (doing that will include sub-domains) or use the Netscape format.

If this option is used several times, the last one will be used.

-c, --cookie-jar <file name>

(HTTP) Specify to which file you want curl to write all cookies after a completed operation. Curl writes all cookies previously read from a specified file as well as all cookies received from remote server(s). If no cookies are known, no data will be written. The file will be written using the Netscape cookie file format. If you set the file name to a single dash, "-", the cookies will be written to stdout.

This command line option will activate the cookie engine that makes curl record and use cookies. Another way to activate it is to use the -b, --cookie option.

If the cookie jar can't be created or written to, the whole curl operation won't fail or even report an error clearly. Using -v will get a warning displayed, but that is the only visible feedback you get about this possibly lethal situation.

Since 7.43.0 cookies that were imported in the Set-Cookie format without a domain name are not exported by this option.

If this option is used several times, the last specified file name will be used.

-D, --dump-header <file>

Write the protocol headers to the specified file.

This option is handy to use when you want to store the headers that an HTTP site sends to you. Cookies from the headers could then be read in a second curl invocation by using the -b, --cookie option! The -c, --cookie-jar option is a better way to store cookies.

When used in FTP, the FTP server response lines are considered being "headers" and thus are saved there.

If this option is used several times, the last one will be used

Alternatively, instead of using the command-line cURL app, write some code that uses the libCurl library. That will give you more direct control over cookie handling. libCurl has several features related to HTTP cookies:

Options for curl_easy_getinfo():

  • CURLINFO_COOKIELIST - get all known cookies

Options for curl_easy_setopt():

  • CURLOPT_COOKIE - set contents of HTTP Cookie header

  • CURLOPT_COOKIEFILE - file name to read cookies from

  • CURLOPT_COOKIEJAR - file name to store cookies to

  • CURLOPT_COOKIESESSION - start a new cookie session

  • CURLOPT_COOKIELIST - add to or manipulate cookies held in memory

Then you can store the cookies however you want, and assign them as needed to later HTTP sessions.

Set cookie using cURL

Yes, you should use a different file for each client. What you can do is use tempnam() to generate a unique filename for the client, and save this in a session variable, then use it as the cookie jar. The login controller can do this:

session_start();
if (!isset($_SESSION['cookiefile'])) {
    $cookiefile = tempnam(".", "cookie");
    $_SESSION['cookiefile'] = basename($cookiefile);
}

And then the later page can use 

$cookie = "../../km-controllers/" . $_SESSION['cookiefile'];

When the user logs out, you should delete this file and remove the session variable.

There's nothing that will automatically pass the cookies through from the curl session to the client browser or vice versa. If you don't want to save the cookies in a file, you can use curl_getinfo($ch, CURLINFO_COOKIELIST) to get the cookies, but you'll then have to parse the info yourself, and later use CURLOPT_COOKIE to set each cookie when making future calls. The cookie file automates all this.

Full code for login controller.

session_start(); // This needs to be at the very beginning of your script, before anything that produces output
//...
$km_username = filter_var($_POST['userName'], FILTER_SANITIZE_STRING);
$km_user_password = $_POST['userPassword'];

if (!isset($_SESSION['cookiefile'])) {
    $cookieFile = tempnam(".", "cookie");
    $_SESSION['cookiefile'] = basename($cookiefile);
    file_put_contents($cookieFile, "");
}
$cookieFile = $_SESSION['cookiefile'];

$url = 'https://www.apiwebsite.com/api/login.jsp?';

$fields = array(
    'userid' => $km_username,
    'password' => $km_user_password
);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields));
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFile); // Cookie aware
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFile); // Cookie aware
$content = curl_exec($ch);
curl_close($ch);

And the later interrogator:

session_start(); // at very beginning
// ...

$dates = array(
    'd_inizio' => '01/01/2017',
    'd_fine' => '31/12/2017'
);

$url = "https://www.apiwebsite.com/api/ricevute.jsp?";
if (!isset($_SESSION['cookiefile'])) {
    die("no cookie file");
}
$cookie = "../../km-controllers/" . $_SESSION['cookiefile'];

$ch = curl_init ($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($dates));
curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookie); 
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec ($ch);

setting cookie through curl

Since javascript conducts the check in the browser, you should set the cookie before sending the output to the browser. So you need to combine both scripts:

$ch=curl_init();
$url="http://localhost/javascript%20cookies/test_cookies.html";
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$contents = curl_exec($ch);
curl_close($ch);
header("Set-Cookie:user=1");
echo $contents;

Explanation:

Please note that we are looking at two transfers here:

  1. data is fetched by curl, and then
  2. it is sent to the browser.

This is a special case where you are using curl to get the content from localhost, but in real-life uses you'd use curl to get content from a 3rd host.

If you receive different content based on whether a cookie is sent in the request or not, then you should set the cookie with curl. In most cases you can then send the content with no additional tweaking to the browser. But here, you make the decision with checking for a cookie in the browser, so you don't need the first cookie setting, and you do need the second one.


Related Topics

Having Two Different Sessions in Same Domain

PHP Recursively Unset Array Keys If Match

Remove Double Quote in JSON_Encode()

Php: Check for Duplicate Values in a Multidimensional Array

Concatenate Values of N Arrays in PHP

How to Reverse a Unicode String

Convert Clickable Anchor Tags to Plain Text in HTML Document

What Encryption Algorithm Is Best for Encrypting Cookies

PHP Mailer Multiple Address

How to Inject a Repository into a Service in Symfony

Force Freeing Memory in PHP

Best Way to Store Passwords in MySQL Database

Regex for Password PHP

Best Way to Handle Errors on a PHP Page

How to Display "12 Minutes Ago" etc in a PHP Webpage

Point in Polygon Algorithm Giving Wrong Results Sometimes

PHP Prepend Associative Array with Literal Keys

File_Get_Contents When Url Doesn't Exist


Leave a reply



Submit