TIL - Cookie Handling in cURL

Abenezer Belachew

Abenezer Belachew Β· January 07, 2025

3 min read

Today I learned that cURL can handle cookies with the --cookie and --cookie-jar flags. Lowkey sad that I didn't know about this earlier, but heyβ€”better late than never! This is incredibly useful when working with APIs or automating requests that involve session handling.

By default, cURL ignores cookies, but it provides two useful flags for handling them:

  • --cookie: Sends cookies to the server from a file or inline key-value pairs.
  • --cookie-jar: Saves cookies sent by the server into a specified file.

To demonstrate this, I'll use httpbingo.org, a simple service for testing HTTP requests. We'll see how to save cookies from a response using the --cookie-jar flag and then send those cookies back in subsequent requests.

Saving Cookies from a Response

  • The endpoint /cookies/set from httpbingo.org sets cookies and redirects to /cookies
  • In this example, I'm going to set three cookies (tracking, sessionid, theme) and save them to a file called /tmp/cookies.
curl -i --cookie-jar /tmp/cookies \                           
http://httpbingo.org/cookies/set\?tracking\=123\&sessionid\=456\&theme\=dark

# Response
HTTP/1.1 302 Found
access-control-allow-credentials: true
access-control-allow-origin: *
location: /cookies
set-cookie: tracking=123; HttpOnly
set-cookie: sessionid=456; HttpOnly
set-cookie: theme=dark; HttpOnly
date: Tue, 07 Jan 2025 22:02:27 GMT
server: Fly/d5165e6e2 (2024-12-18)
via: 1.1 fly.io
fly-request-id: 01JH1CMS6FSQWGCP36755F4QJZ-sea
content-length: 0
  • As you can see in the response headers, the set-cookie header defines the cookies (tracking, sessionid, theme) that the server expects the client to store and send back with subsequent requests.
set-cookie: tracking=123; HttpOnly
set-cookie: sessionid=456; HttpOnly
set-cookie: theme=dark; HttpOnly
  • Now the values in the set-cookies headers will be saved to in /tmp/cookies, as specified in the --cookie-jar flag.
cat /tmp/cookies

───────┬─────────────────────────────────────────────────────────────────────────
       β”‚ File: /tmp/cookies
───────┼─────────────────────────────────────────────────────────────────────────
   1   β”‚ # Netscape HTTP Cookie File
   2   β”‚ # https://curl.se/docs/http-cookies.html
   3   β”‚ # This file was generated by libcurl! Edit at your own risk.
   4   β”‚ 
   5   β”‚ #HttpOnly_httpbingo.org FALSE   /cookies/   FALSE   0   theme   dark
   6   β”‚ #HttpOnly_httpbingo.org FALSE   /cookies/   FALSE   0   sessionid   456
   7   β”‚ #HttpOnly_httpbingo.org FALSE   /cookies/   FALSE   0   tracking    123
───────┴─────────────────────────────────────────────────────────────────────────

  • The /tmp/cookies file uses the Netscape cookie file format, which is a widely-used standard for storing cookies in HTTP clients. Each line represents a cookie, including details like the domain, path, and expiration if applicable.

  • Now that we've saved the cookies, let's look at how to use them in subsequent requests.

Using Cookies in Subsequent Requests

  • For subsequent requests that require the cookie, you can use the --cookie flag followed by the file path where the cookies are saved.
curl --cookie /tmp/cookies http://httpbingo.org/cookies

{
  "sessionid": "456",
  "theme": "dark",
  "tracking": "123"
}
  • The /cookies endpoint returns the cookie value. In this case, it returns the cookies stored in /tmp/cookies that were set in the previous request.

Thoughts

  • This will come in handy when you need to send cookies with your requests or save cookies from a response using cURL.
  • No more manual cookie handling!

Shoutouts

  • Thanks to Anton Zhiyanov for writing a guide that I was using for a quick refresh on cURL commands.

πŸͺ