1 # HTTP Cookies 2 3 ## Cookie overview 4 5 Cookies are `name=contents` pairs that a HTTP server tells the client to 6 hold and then the client sends back those to the server on subsequent 7 requests to the same domains and paths for which the cookies were set. 8 9 Cookies are either "session cookies" which typically are forgotten when the 10 session is over which is often translated to equal when browser quits, or 11 the cookies aren't session cookies they have expiration dates after which 12 the client will throw them away. 13 14 Cookies are set to the client with the Set-Cookie: header and are sent to 15 servers with the Cookie: header. 16 17 For a very long time, the only spec explaining how to use cookies was the 18 original [Netscape spec from 1994](https://curl.haxx.se/rfc/cookie_spec.html). 19 20 In 2011, [RFC6265](https://www.ietf.org/rfc/rfc6265.txt) was finally 21 published and details how cookies work within HTTP. 22 23 ## Cookies saved to disk 24 25 Netscape once created a file format for storing cookies on disk so that they 26 would survive browser restarts. curl adopted that file format to allow 27 sharing the cookies with browsers, only to see browsers move away from that 28 format. Modern browsers no longer use it, while curl still does. 29 30 The netscape cookie file format stores one cookie per physical line in the 31 file with a bunch of associated meta data, each field separated with 32 TAB. That file is called the cookiejar in curl terminology. 33 34 When libcurl saves a cookiejar, it creates a file header of its own in which 35 there is a URL mention that will link to the web version of this document. 36 37 ## Cookies with curl the command line tool 38 39 curl has a full cookie "engine" built in. If you just activate it, you can 40 have curl receive and send cookies exactly as mandated in the specs. 41 42 Command line options: 43 44 `-b, --cookie` 45 46 tell curl a file to read cookies from and start the cookie engine, or if it 47 isn't a file it will pass on the given string. -b name=var works and so does 48 -b cookiefile. 49 50 `-j, --junk-session-cookies` 51 52 when used in combination with -b, it will skip all "session cookies" on load 53 so as to appear to start a new cookie session. 54 55 `-c, --cookie-jar` 56 57 tell curl to start the cookie engine and write cookies to the given file 58 after the request(s) 59 60 ## Cookies with libcurl 61 62 libcurl offers several ways to enable and interface the cookie engine. These 63 options are the ones provided by the native API. libcurl bindings may offer 64 access to them using other means. 65 66 `CURLOPT_COOKIE` 67 68 Is used when you want to specify the exact contents of a cookie header to 69 send to the server. 70 71 `CURLOPT_COOKIEFILE` 72 73 Tell libcurl to activate the cookie engine, and to read the initial set of 74 cookies from the given file. Read-only. 75 76 `CURLOPT_COOKIEJAR` 77 78 Tell libcurl to activate the cookie engine, and when the easy handle is 79 closed save all known cookies to the given cookiejar file. Write-only. 80 81 `CURLOPT_COOKIELIST` 82 83 Provide detailed information about a single cookie to add to the internal 84 storage of cookies. Pass in the cookie as a HTTP header with all the details 85 set, or pass in a line from a netscape cookie file. This option can also be 86 used to flush the cookies etc. 87 88 `CURLINFO_COOKIELIST` 89 90 Extract cookie information from the internal cookie storage as a linked 91 list. 92 93 ## Cookies with javascript 94 95 These days a lot of the web is built up by javascript. The webbrowser loads 96 complete programs that render the page you see. These javascript programs 97 can also set and access cookies. 98 99 Since curl and libcurl are plain HTTP clients without any knowledge of or 100 capability to handle javascript, such cookies will not be detected or used. 101 102 Often, if you want to mimic what a browser does on such web sites, you can 103 record web browser HTTP traffic when using such a site and then repeat the 104 cookie operations using curl or libcurl. 105
