Sending Cookies with Curl
Naveera A.
—The Problem
HTTP cookies are key-value pairs that are sent by the server to the client to store. The client sends the cookies back on subsequent requests. In this way, the server can keep track of the client’s state.
The command line tool curl is a powerful tool that developers use to transfer data to and from a server.
How can you store the cookies sent by the server when using curl? And how can you send those cookies to the server on subsequent requests?
The Solution
The general design of curl is minimalistic. This means that we need to turn on the “cookie engine”, otherwise curl will not acknowledge any cookies.
We can enable the cookie engine by asking curl to read or write the cookies.
For example, we can activate the cookie engine and read the cookies using the option --cookie or the shorter version -b. We can read the cookies from a string theme=dark and send them in an HTTP request like so:
curl --cookie theme=dark https://www.google.com
or
curl -b theme=dark https://www.google.com
Reading Cookies from a File
To read the cookies from a file, we can provide the file name after the read cookie option, like so:
curl -b cookies.txt https://www.google.com
So how does curl know that this time we are providing a file name and not a string? If no ’=’ symbol is used in the argument, curl treats the argument as a filename, and reads data from there.
The above command will only read the cookies from the file. If the server updates the cookies in its response, curl will update that cookie in its in-memory store only, which will be discarded eventually.
Writing Cookies to a File
We can tell curl to write cookies to a file using the --cookie-jar or -c option.
For example, we can use the following command to save the cookies returned by the server in the file cookie-jar.txt:
curl -c cookie-jar.txt https://www.google.com
An important point to keep in mind is that curl will write all cookies from its in-memory cookie storage to the given file only at the end of operations. Curl will not save the cookie data to the file during its lifetime.
Often we will need to read and write cookies at the same time, like so:
curl -b cookie-jar.txt -c cookie-jar.txt https://www.google.com
Cookie File Format
The cookie file used with curl should follow the Netscape cookie file format. According to the documentation:
The cookie file format is text based and stores one cookie per line. Lines that start with
#are treated as comments.Each line that specifies a single cookie consists of seven text fields separated with TAB characters. A valid line must end with a newline character.
Field number, type, example data and the meaning of it:
- string
example.com- the domain name- boolean
FALSE- include subdomains- string
/foobar/- path- boolean
TRUE- send/receive over HTTPS only- number
1462299217- expires at - seconds since 01 January 1970, or 0- string
person- name of the cookie- string
daniel- value of the cookie
- Syntax.fmListen to the Syntax Podcast
- ResourcesWhat is Distributed Tracing
- Listen to the Syntax Podcast
![Syntax.fm logo]()
Tasty treats for web developers brought to you by Sentry. Get tips and tricks from Wes Bos and Scott Tolinski.
SEE EPISODES
Considered “not bad” by 4 million developers and more than 100,000 organizations worldwide, Sentry provides code-level observability to many of the world’s best-known companies like Disney, Peloton, Cloudflare, Eventbrite, Slack, Supercell, and Rockstar Games. Each month we process billions of exceptions from the most popular products on the internet.
A peek at your privacy
Here’s a quick look at how Sentry handles your personal information (PII).
×Who we collect PII from
We collect PII about people browsing our website, users of the Sentry service, prospective customers, and people who otherwise interact with us.
What if my PII is included in data sent to Sentry by a Sentry customer (e.g., someone using Sentry to monitor their app)? In this case you have to contact the Sentry customer (e.g., the maker of the app). We do not control the data that is sent to us through the Sentry service for the purposes of application monitoring.
Am I included?PII we may collect about you
- PII provided by you and related to your
- Account, profile, and login
- Requests and inquiries
- Purchases
- PII collected from your device and usage
- PII collected from third parties (e.g., social media)
How we use your PII
- To operate our site and service
- To protect and improve our site and service
- To provide customer care and support
- To communicate with you
- For other purposes (that we inform you of at collection)
Third parties who receive your PII
We may disclose your PII to the following type of recipients:
- Subsidiaries and other affiliates
- Service providers
- Partners (go-to-market, analytics)
- Third-party platforms (when you connect them to our service)
- Governmental authorities (where necessary)
- An actual or potential buyer
We use cookies (but not for advertising)
- We do not use advertising or targeting cookies
- We use necessary cookies to run and improve our site and service
- You can disable cookies but this can impact your use or access to certain parts of our site and service
Know your rights
You may have the following rights related to your PII:
- Access, correct, and update
- Object to or restrict processing
- Port over
- Opt-out of marketing
- Be forgotten by Sentry
- Withdraw your consent
- Complain about us
If you have any questions or concerns about your privacy at Sentry, please email us at compliance@sentry.io.
If you are a California resident, see our Supplemental notice.