I have the following code which is doing an HTTP/POST to log into a web form. The cookies returned by the site are stored in the file cookies.txt.

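```php
$ch = curl_init();

$opts = array(
    CURLOPT_URL=> $projectUrl,                    // login form endpoint
    CURLOPT_POST=> true,
    CURLOPT_FOLLOWLOCATION=> true,                // follow the post-login redirect
    CURLOPT_RETURNTRANSFER=> true,                // return the body instead of printing it
    CURLOPT_COOKIEJAR=> 'cookies.txt',            // cookies are written here on curl_close()
    CURLOPT_POSTFIELDS=> http_build_query($data), // form fields, URL-encoded
);

curl_setopt_array($ch, $opts);

$ret = curl_exec($ch);

curl_close($ch);
```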

I've confirmed that the login is successful (because the value of $ret is the content of the page behind the form).

Next, I have a little bit of code which parses the cookie file written by curl and does a set_cookie for each cookie.

As far as I can tell, this is always just the PHPSESSION cookie.

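```php
// parseCookieFile() is a helper that is not shown in the question.
$cookies = parseCookieFile('cookies.txt');
foreach($cookies as $c) {
    // Re-emit each cookie from the jar as a Set-Cookie header to the visitor's browser.
    if(!setcookie($c["name"], $c["value"], $c["expires"], $c["path"], $c["domain"], $c["secure"])) {
        echo "ERROR: Could not write cookie {$c["name"]}<br />";
    }
}
```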

My hope was, having done all this on the backend, I'd be able to browse to the site I logged into and it would detect the session cookies and pass me on through.

Unfortunately, this is not the case. I just end up back at the login form.

Is there some stupid/obvious reason why this isn't going to work?

Mark Biek
  • You need to use `curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');` – Farkie Apr 06 '14 at 21:55
  • My understanding was that CURLOPT_COOKIEFILE was if I wanted successive curl calls to use the same cookies. I want to carry the cookies generated from the server-side code over to the end-user's browser. – Mark Biek Apr 06 '14 at 21:57
  • @MarkBiek No! You cannot set another site's cookie in the user's browser. It's a security issue. – Sabuj Hassan Apr 07 '14 at 06:57
  • Oh I understand... You can't set cookies for another domain - that'd be a huge security vuln – Farkie Apr 07 '14 at 07:06
  • That makes sense. I just wasn't sure since PHP does actually let me write the cookies. The browser just doesn't appear to recognize them. One of you should post that as an answer so I can accept it :) – Mark Biek Apr 07 '14 at 12:18
  • possible duplicate of [Cross domain cookies](http://stackoverflow.com/questions/1084114/cross-domain-cookies) – Mark Biek Apr 07 '14 at 12:30
  • Actually, I found this question which answers things nicely so I'm voting to close mine: http://stackoverflow.com/questions/1084114/cross-domain-cookies – Mark Biek Apr 07 '14 at 12:30
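
The behaviour the comments describe, as an added example that is not part of the original thread: a sketch of the RFC 6265 domain-match rule a browser applies to each `Set-Cookie` header, which is why `setcookie()` returns true while the browser discards the cookie. The host names `proxy.example` and `target.example` are constructed placeholders, and the public-suffix check that real browsers also perform is left out.

```javascript
// Added example: RFC 6265 section 5.1.3 domain-match plus the Domain-attribute
// check from section 5.3. Hosts are constructed placeholders and are passed
// without a port.

// True when `host` is an IPv4 literal or an IPv6 literal (contains ':').
function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
}

// The strings are identical, or `domain` is a suffix of `host` preceded by
// a '.', and `host` is not an IP address.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  return !isIpLiteral(host) && host.endsWith('.' + domain);
}

// What a browser does with a cookie received from `responseHost` that
// carries the given Domain attribute (empty string = attribute absent).
function evaluateSetCookie(responseHost, domainAttr) {
  if (!domainAttr) {
    return { stored: true, hostOnly: true, scope: responseHost.toLowerCase() };
  }
  const domain = domainAttr.replace(/^\./, '').toLowerCase(); // leading dot is ignored
  if (!domainMatch(responseHost, domain)) {
    return { stored: false, reason: 'Domain attribute does not cover the responding host' };
  }
  return { stored: true, hostOnly: false, scope: domain };
}

// Would a stored cookie be attached to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  if (!cookie.stored) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.scope
    : domainMatch(requestHost, cookie.scope);
}

// The question's setup: a script served from proxy.example relays a session
// cookie that target.example issued to the server-side curl client.
const relayed = evaluateSetCookie('proxy.example', 'target.example');
const hostOnly = evaluateSetCookie('proxy.example', '');
console.log(relayed, isSentTo(hostOnly, 'target.example'));
```

Dropping the Domain attribute does not help either: the cookie is then stored as host-only for the site running the script and is never sent to the other site.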
