PHP Curl and Cookies

PHP Curl And Cookies

Solutions which are described above, even with unique CookieFile names, can cause a lot of problems on scale.

We had to serve a lot of authentications with this solution and our server went down because of high file read write actions.

The solution for this was to use Apache Reverse Proxy and omit CURL requests at all.

Details how to use Proxy on Apache can be found here:
https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html

PHP CURL saves cookie into cookiejar but doesn't use it

The first you must make sure __DIR__ have write permission.

The second when you run code. You can check cookie.txt file had been create or not.

The third you must use ONE cookie for all session. So the victim know you logged in.

And try my source

$cookies = tempnam('/tmp','cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies);

How can I send cookies using PHP curl in addition to CURLOPT_COOKIEFILE?

If the cookie is generated from script, then you can send the cookie manually along with the cookie from the file(using cookie-file option). For example:

# sending manually set cookie
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Cookie: test=cookie"));

# sending cookies from file
curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile);

In this case curl will send your defined cookie along with the cookies from the file.

If the cookie is generated through javascrript, then you have to trace it out how its generated and then you can send it using the above method(through http-header).

The utma utmc, utmz are seen when cookies are sent from Mozilla. You shouldn't bet worry about these things anymore.

Finally, the way you are doing is alright. Just make sure you are using absolute path for the file names(i.e. /var/dir/cookie.txt) instead of relative one.

Always enable the verbose mode when working with curl. It will help you a lot on tracing the requests. Also it will save lot of your times.

curl_setopt($ch, CURLOPT_VERBOSE, true);

Use Browser cookies in PHP Curl to log-in to a website

To verify the format of a cookie file: You can set 

curl_setopt($ch, CURLOPT_COOKIEJAR, "path_to_the_cookie_file")

next run a CURL request to any website that sets cookies, then check the format of the set cookie file.

To send your cookies: Then build your cookie file with the desired cookies and use the setting

curl_setopt($ch, CURLOPT_COOKIEFILE, "path_to_the_cookie_file")

to make your CURL request send the cookies.

Edit #1: From the official PHP documentation (http://php.net/manual/en/function.curl-setopt.php):

The cookie file can be in Netscape format, or just plain HTTP-style
headers dumped into a file.

Edit #2: this is an example of a cookie file generated by CURL (source):

# Netscape HTTP Cookie File
# This file was generated by libcurl! Edit at your own risk.
.auto.com   TRUE    /   FALSE   1452087781  ___suid 2ecfe4287cbeacd8399eaf98bec9ce0b.59089b9d033bc7c6dce8ea2fca139920
.auto.com   TRUE    /   FALSE   1452865380  all7_user_region_confirmed  1
.auto.com   TRUE    /   FALSE   1452865380  geo_location    a%3A3%3A%7Bs%3A7%3A%22city_id%22%3Ba%3A0%3A%7B%7Ds%3A9%3A%22region_id%22%3Ba%3A1%3A%7Bi%3A0%3Bi%3A89%3B%7Ds%3A10%3A%22country_id%22%3Ba%3A0%3A%7B%7D%7D
.auto.com   TRUE    /   FALSE   1423921380  autoru_sid  ee094d60fa32eada_daf2da69dc79a59b7c8702a29554abbc
.auth.auto.com  TRUE    /   FALSE   1421329026  autoru_sid  
.auth.auto.com  TRUE    /   FALSE   1421329026  autoru_sid_key  
.auto.com   TRUE    /   FALSE   1421329026  cc6882cb6b6f0c912cf9589734fcc1e6    
.auto.com   TRUE    /   FALSE   1452865027  user_name   igor.savinkin5%40gmail.com
.auto.com   TRUE    /   FALSE   1452865027  username   igor.savinkin5%40gmail.com

Edit #3: What are all those entries in my cookies.txt file? (http://www.cookiecentral.com/faq/#3.5)

From left-to-right, here is what each field represents:

domain - The domain that created AND that can read the variable.

flag - A TRUE/FALSE value indicating if all machines within a given
domain can access the variable. This value is set automatically by the
browser, depending on the value you set for domain.

path - The path within the domain that the variable is valid for.

secure - A TRUE/FALSE value indicating if a secure connection with the
domain is needed to access the variable.

expiration - The UNIX time that the variable will expire on. UNIX time
is defined as the number of seconds since Jan 1, 1970 00:00:00 GMT.

name - The name of the variable.

value - The value of the variable.

Getting and setting Cookies in PHP Curl Serverside

Curl manages cookies autonomously, you don't need to parse and set them:

<?php 
$ch = curl_init('https://www.test.com/getcookie');

$cookiesFile = "cookies.txt"; // <--- cookies are stored here

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, false); // <---

curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiesFile ); // <---
curl_setopt($ch, CURLOPT_COOKIEJAR,  $cookiesFile ); // <---

$result = curl_exec($ch);

curl_close($ch);

if( $result === false ) {
    // failure
}

Then

<?php

$cookiesFile = "cookies.txt"; // <--- cookies are retrieved here

$curl = curl_init( 'https://test.com/api' );
curl_setopt( $curl, CURLOPT_HTTPHEADER, array( 'Authorization: Bearer ' . $token ) );
curl_setopt( $curl, CURLOPT_RETURNTRANSFER, 1);

curl_setopt( $curl, CURLOPT_COOKIEFILE, $cookiesFile ); // <---
curl_setopt( $curl, CURLOPT_COOKIEJAR,  $cookiesFile ); // <---

$getbalance = curl_exec( $curl );
curl_close($curl);

You can specify a file where curl stores and reads cookies as in the example above.

Upon subsequent curl calls the cookies file is updated.

The cookies file doesn't need to exist prior of first call but of course PHP must have read/write access.

get cookies from curl

I used this and worked for me:

    curl_setopt($ch, CURLOPT_HEADER, 1);
//Return everything
$res = curl_exec($ch);
//Split into lines
$lines = explode("\n", $res);
$headers = array();
$body = "";
foreach($lines as $num => $line){
    $l = str_replace("\r", "", $line);
    //Empty line indicates the start of the message body and end of headers
    if(trim($l) == ""){
        $headers = array_slice($lines, 0, $num);
        $body = $lines[$num + 1];
        //Pull only cookies out of the headers
        $cookies = preg_grep('/^Set-Cookie:/', $headers);
        break;
    }
}

Related Topics

PHP Pdoexception: "Sqlstate[Hy093]: Invalid Parameter Number"

Where to Put Password_Verify in Login Script

How to Write SQL For a Table That Shares the Same Name as a Protected Keyword in MySQL

Laravel Eloquent Query Using Where With or and Or

Why Is Require_Once So Bad to Use

PHPmailer - Smtp Error: Password Command Failed When Send Mail from My Server

Curl Error 60, Ssl Certificate Issue: Self Signed Certificate in Certificate Chain

Curl and PHP - How to Pass a Json Through Curl by Put,Post,Get

What Is the "-≫" PHP Operator Called

PHP Json_Encode Encoding Numbers as Strings

Encrypting/Decrypting File With Mcrypt

Codeigniter: How to Connect to Your Database Server Using the Provided Settings Error Message

PHPexcel Runs Out of 256, 512 and Also 1024Mb of Ram

PHP Mail Not Working For Some Reason

How to Use a JavaScript Variable as a PHP Variable

Get PHP to Stop Replacing '.' Characters in $_Get or $_Post Arrays

Why Is the Hash Part of the Url Not Available on the Server Side

Why Do Some Scripts Omit the Closing PHP Tag, '≫'


Leave a reply



Submit