4

I have a curl script that is used to remote control a login a (government) website. The website has a government-wide login system that uses 5 redirects over various servers. I found the login works when I set CURLOPT_COOKIEJAR, however I don't understand why this is necessary.

http://www.php.net/manual/en/function.curl-setopt.php states:

CURLOPT_COOKIESESSION

TRUE to mark this as a new cookie "session". It will force libcurl to ignore all cookies it is about to load that are "session cookies" from the previous session. By default, libcurl always stores and loads all cookies, independent if they are session cookies or not. Session cookies are cookies without expiry date and they are meant to be alive and existing for this "session" only.

So it would appear the default behavaiour is to retrieve and resend all cookies?

I would try to understand why my trial and error method was successful

Community
  • 1
  • 1
jdog
  • 2,465
  • 6
  • 40
  • 74
  • 1
    Way after the fact but this answer is more concise: http://stackoverflow.com/questions/10289281/curl-cookies-and-sessions – gloomy.penguin May 14 '13 at 20:47

1 Answers1

3

CURL_COOKIEJAR is simply the file which the cookies which curl automatically parses are stored in. CURL_COOKIESESSION on the other hand is a directive that tells curl that any of the cookies it stored which are considered "session" cookies should be ignored. As such, to actually store the parsed cookies on your system at all, CURL_COOKIEJAR must be set to the location. What is actually meant by that statement about storing/loading is that by default, regardless if the cookie was a "session" cookie or not, if it was stored in the cookiejar it will be sent with the request.

majic bunnie
  • 1,395
  • 2
  • 10
  • 21