Cookie management is a critical feature in cURL when dealing with web applications that require authentication. cURL provides multiple ways to send, receive, and persist cookies.
Sending Cookies
```bash
# Method 1: Using -b parameter
curl -b "session_id=abc123" https://api.example.com/profile

# Method 2: Using -H to set Cookie header
curl -H "Cookie: session_id=abc123" https://api.example.com/profile

# Send multiple cookies
curl -b "session_id=abc123; user_id=456; theme=dark" \
  https://api.example.com/profile

# Read cookies from file
curl -b cookies.txt https://api.example.com/profile
```
Receiving and Saving Cookies
```bash
# Save server-returned cookies to file
curl -c cookies.txt https://api.example.com/login

# Send and receive cookies simultaneously
curl -b cookies.txt -c cookies.txt \
  -d "username=admin&password=123456" \
  https://api.example.com/login

# Display detailed cookie information
# (header names are lowercase over HTTP/2, so match case-insensitively)
curl -v https://api.example.com/login 2>&1 | grep -i "set-cookie"
```
Cookie File Format
cURL uses Netscape format cookie files:
```shell
# Netscape HTTP Cookie File
# https://curl.haxx.se/docs/http-cookies.html
# This file was generated automatically by curl

.example.com	TRUE	/	FALSE	0	session_id	abc123
.example.com	TRUE	/	FALSE	1735689600	user_id	456
```
Field descriptions (tab-separated, in the order they appear on each line):
- Domain
- Include subdomains (TRUE/FALSE)
- Path
- Secure connection only (TRUE/FALSE)
- Expiration timestamp (Unix timestamp, 0 for session cookie)
- Cookie name
- Cookie value
Complete Login Flow Example
```bash
# Step 1: Visit login page, get initial cookies
curl -c cookies.txt -b cookies.txt \
  https://api.example.com/login

# Step 2: Submit login form, save session cookie
curl -c cookies.txt -b cookies.txt \
  -X POST \
  -d "username=admin&password=123456" \
  https://api.example.com/login

# Step 3: Access protected page with session cookie
curl -b cookies.txt https://api.example.com/dashboard

# Step 4: Logout (clear session)
curl -b cookies.txt https://api.example.com/logout
```
Cookie Related Parameters
| Parameter | Purpose | Example |
|---|---|---|
| -b or --cookie | Send cookies | -b "name=value" or -b cookies.txt |
| -c or --cookie-jar | Save cookies | -c cookies.txt |
| -j or --junk-session-cookies | Ignore session cookies | Skip session cookies when reading file |
Advanced Usage
```bash
# Use Cookie Jar for session management
# (-d already implies POST; combining -X POST with -L would force POST
#  on every redirected request as well, so it is left out here)
curl -b cookies.txt -c cookies.txt -L \
  -H "Content-Type: application/json" \
  -d '{"username":"admin","password":"123456"}' \
  https://api.example.com/api/login

# View cookie file content
cat cookies.txt

# Clear all cookies (delete file)
rm cookies.txt

# Keep only persistent cookies (filter session cookies)
curl -b cookies.txt -j -c persistent_cookies.txt \
  https://api.example.com/data
```
Important Notes
- Security: Cookie files contain sensitive information; set restrictive permissions (chmod 600)
- Expiration: Regularly clean up expired cookies
- Cross-domain restrictions: Cookies follow the same-origin policy, so ensure the domain and path match
- Session vs Persistent: Session cookies expire when the browser closes; persistent cookies have an expiration time
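
The file format and the notes on permissions and expiration can be checked mechanically. The following is an added example, not part of the original page or of curl itself: a shell function that audits a cookie jar for loose permissions, expired cookies and cookies not marked Secure. The function names, finding labels and sample jar are constructed for illustration; the `#HttpOnly_` line prefix is how curl records HttpOnly cookies in the jar.

```bash
# Added example: audit a curl cookie jar without ever printing cookie values.
# audit_cookie_jar FILE [NOW] prints one finding per line; returns 0 if clean,
# 1 if anything was flagged, 2 if the file is unreadable.
audit_cookie_jar() {
    jar=$1
    now=${2:-$(date +%s)}      # NOW is a Unix timestamp (overridable for testing)
    flagged=0
    [ -r "$jar" ] || { echo "UNREADABLE $jar"; return 2; }

    # The jar holds session tokens: only the owner should be able to read it.
    mode=$(stat -c '%a' "$jar" 2>/dev/null || stat -f '%Lp' "$jar")  # GNU, then BSD
    case $mode in
        600|400) ;;
        *) echo "PERMS mode=$mode (expected 600)"; flagged=1 ;;
    esac

    # Seven tab-separated fields: domain, subdomains, path, secure, expiry,
    # name, value. curl prefixes HttpOnly cookies with "#HttpOnly_", so those
    # lines are data and must not be skipped as comments.
    findings=$(awk -F '\t' -v now="$now" '
        { sub(/\r$/, "") }
        /^#HttpOnly_/ { sub(/^#HttpOnly_/, "") }
        /^#/ || NF == 0 { next }
        NF != 7 { print "MALFORMED line=" NR; next }
        $5 != 0 && $5 < now { print "EXPIRED " $1 " " $6 }
        $4 != "TRUE" { print "INSECURE " $1 " " $6 }
    ' "$jar")
    if [ -n "$findings" ]; then
        echo "$findings"
        flagged=1
    fi
    return $flagged
}

# Constructed sample jar (not from the page): an expired cookie, a session
# cookie without the Secure flag, and a valid HttpOnly + Secure cookie.
write_sample_jar() {
    {
        printf '# Netscape HTTP Cookie File\n'
        printf '.example.com\tTRUE\t/\tFALSE\t1000\tuser_id\t456\n'
        printf '.example.com\tTRUE\t/\tFALSE\t0\tsession_id\tabc123\n'
        printf '#HttpOnly_api.example.com\tFALSE\t/\tTRUE\t4102444800\tauth\txyz\n'
    } > "$1"
    chmod 644 "$1"
}
```

Run it as `audit_cookie_jar cookies.txt` after a scripted login; a non-zero return is suitable for failing a CI step or cron job.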