Netscape HTTP Cookie File - Use saved file?

Asked

Viewed 239 times

2

Guys my doubt is basic, but there is a however, I searched and did not find the explanation, on the documentation site of cURL explains but even I translating did not understand. Good let’s go.

CURLOPT_COOKIEJAR Saves the file in any directory.

CURLOPT_COOKIFILE Read the file in the saved directory, I am correct?

CURLOPT_COOKIESESSION Starts the session of COOKIEJAR correct or not?

Help me with these questions before you answer from below:

After saving the COOKIES in the file, how to use it without having to store in setcookie(); ?

How I use these functions of cURL correctly?

1 answer

1


There are four read functions (and one write which is the CURLOPT_COOKIEJAR, officially and a info which is the CURLINFO_COOKIELIST, that informs in the format Set-Cookie, explained below):

CURLOPT_COOKIE

He’s a shortcut to -H "Cookie: {string}". It sets the value (string) directly in the header of the Cookie:, presupposes that it follows the RFC 6265 (see section 3.1), therefore:

Server -> User: (Understand as "Set-Cookie Format"):

Set-Cookie: SID=31d4d96e407aad42; Path=/; Secure; Httponly
Set-Cookie: lang=en-US; Path=/; Domain=example.com

User -> Server: (Understand as "Cookie Format"):

Cookie: SID=31d4d96e407aad42; lang=en-US

Multiple cookies are used ; between each value, in the case of the client and in the case of the server uses multiple Set-Cookie:.

Curl acts as a Usuário -> Servidor, in this case and using the CURLOPT_COOKIE you will need to follow the format of the "Cookie".


The functions below use the "cookie engine", the cookie management system of Curl itself:

CURLOPT_COOKIEFILE

Defines the Cookie: using the information of a file. This file can be in two formats, you can use the format of the former Netscape or may have the same format as Set-Cookie, explained above.


CURLOPT_COOKIESESSION

It will remove any "session" cookie, thus creating a new session, simulating for example that it closed the browser and opened again.

If you use other functions that use the "cookie engine" (such as COOKIEFILE and the COOKIELIST) it can contain flags, such flags will indicate its expiration time. If it is 0 (or omitted) it will be considered a non-permanent cookie, in other words it will be "a session cookie" as defined in this same RFC (see 5.3: Storage Model):

When "the Current Session is over" (as defined by the user agent), the user agent MUST remove from the cookie store all cookies with the persistent-flag set to false.


CURLOPT_COOKIELIST

It allows you to import a string (in both Netscape format and format Set-Cookie). His difference to the CURLOPT_COOKIE is that allows you to use the format of Set-Cookie and not of Cookie. Also if using the CURLOPT_COOKIEJAR it will save cookies, including those set by you.

There are some details, it will always keep the cookie that was set before, ie if you give a COOKELIST before the COOKIEFILE and there is conflict of names the first will stay alive, which does not occur in the CURLOPT_COOKIE, after all it does not use cookie management. In addition there are some special commands when using the strings of FLUSH, RELOAD, SESS and ALL.


That’s a summary, all the detailed documentation is on the Curl page itself, which is much better than PHP documentation, by the way.


After saving the COOKIES in the file, how to use it without having to store in setcookie(); ?

Never had to use the setcookie, This just creates a cookie between you and your customer, it doesn’t make any sense. After all, now the customer will be able to control a cookie that will be used by your Curl.

You can store anywhere, actually if it is already saved in a file it is already stored. To use it depends on the format the contents of that file are in. If it is in Netscape format you can use _COOKIEFILE, if it is in format Set-Cookie may use the _COOKIELIST. Already if it is in format Cookie may use _COOKIE or directly use the -H "Cookie: ...".

Just as you can extract the information directly from the header and store it from the database, both in format Set-Cookie how much in format Cookie. Anyway, how to store is on your own. Your browser, for example, stores cookies in a way that can be totally different from multiple files... Storage does not matter, it is important to send (when necessary) the correct cookies and delete cookies when necessary.

How to use Curl functions correctly?

Knowing what each one does may know which one uses it or does not use any, all these functions are just "shortcuts", features already built in to facilitate the use of cookies. But this may not facilitate in all cases, you can create your own cookie management system. After all, cookies are (and always will be) just a mere header with an arbitrary value following the Nome=Valor, in the case of client-to-server communication (or the Curl to the server in this situation), then anything that enters this header will work.

  • 2

    Oops then when I monitor a certain site and see there Cookie: ... Should I use _COOKIE instead of _COOKIEFILE?

Browser other questions tagged

You are not signed in. Login or sign up in order to post.