How to store PHP CURL cookies internally and pass them to another curl request?

Question

Hello Stackoverflow community,

I have a really annoying issue with PHP CURL cookies that I have been trying to solve for months with no success.

I have two CURL functions that run subsequently to login a user to an external site and then get a page from that site, which contains useful data.

Here's the login function:

function login($url, $data) {
  $login = curl_init();
  curl_setopt($login, CURLOPT_COOKIEJAR, 'cookies_' . session_id() . '.txt');
  curl_setopt($login, CURLOPT_TIMEOUT, 30000);
  curl_setopt($login, CURLOPT_RETURNTRANSFER, TRUE);
  curl_setopt($login, CURLOPT_SSL_VERIFYPEER, FALSE);
  curl_setopt($login, CURLOPT_SSL_VERIFYHOST, FALSE);
  curl_setopt($login, CURLOPT_URL, $url);
  curl_setopt($login, CURLOPT_FOLLOWLOCATION, TRUE);
  curl_setopt($login, CURLOPT_POST, TRUE);
  curl_setopt($login, CURLOPT_POSTFIELDS, $data);
  $content = curl_exec ($login);
  curl_close ($login);
  unset($login);
  unset($data);
  return $content;
}

And the data fetching function which uses the cookie file generated by the login function to identify that the user has logged in:

function grab_data($url) {
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies_' . session_id() . '.txt');
  curl_setopt($ch, CURLOPT_TIMEOUT, 30000);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
  curl_setopt($ch, CURLOPT_URL, $url);
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
  $content = curl_exec($ch);
  curl_close($ch);
  unset($ch);
  unset($data);
  return $content;
}

Now, onto the problem. The login function works fine, but the problem is that it has to save the cookies that external site generates to a file on the server. If a lot of users are logging that puts a lot of load on the server, is impractical and is a security hole because it saves personal user cookies to a file on the server, which is widely accessible. The cookies are very important because they contain session information and are required for the data fetching function to get the user data from the external site. So, I want to somehow store the personal user cookies internally, perhaps in a PHP variable but I have a hard time achieving that. I have already tried methods suggested in this question, which suggest setting CURLOPT_HEADER to true and then using preg_match to extract the cookies from header but I had no luck because:

If I disable CURLOPT_COOKIEJAR in the login function, the login fails.
If I set CURLOPT_COOKIEJAR to something like '-', login works, but then I have problem in the data fetching function because I don't know how to pass the extracted cookies to the data fetching function (I tried many methods and nothing worked except the CURLOPT_COOKIEFILE variant.

Can anyone give me a working solution for storing cookies internally and the passing them to another request? If it is not possible to do that with CURL, can you suggest another approach to acomplish this?

Thanks is advance. It is a really long post but I wanted to include as much information as I could, so you can better understand my needs.

you can do the login and the page pull in one then delete the cookie. — Lawrence Cherone, Jun 04 '17 at 18:40
@Lawrence Cherone I already do what you mentioned but I said that it puts a lot of unnecessary load on the server. — Gustas, Jun 04 '17 at 18:44
30000 seconds is going to kill your server waiting if one of the requests break.. thought about offloading it all to a job queue, as its going to cause "load" even with 2 users. — Lawrence Cherone, Jun 04 '17 at 18:51

Egorrishe · Answer 1 · 2017-06-04T18:51:28.063

0

The easiest way is:

to store cookie-files in separate directory
set permission chmod('path/to/dir', 0600);

2nd way - if you use apache you can deny access this way

edited Jun 04 '17 at 18:51

answered Jun 04 '17 at 18:45

Egorrishe

21
5

Thanks for suggestion, I'm kind of doing the same thing already but with different permissions. I'm, actually, asking for a solution that allows me to store cookies internally without saving about 15KB of data to the server. But thank you anyway! – Gustas Jun 04 '17 at 19:23
@Gustas So, after many tries you understood, that resolving of your question directly is bad idea. =) And my suggestion is the best solution in your situation. Beside that you asked _"to suggest another approach to acomplish this"_. It would be logical to "accept my answer as the best answer", don't you think? =) – Egorrishe Jun 05 '17 at 09:43
Yeah, I could mark your answer as the best one but I didn't want to give up and did some more research. Finally, I managed to find a solution to do everything the way I wanted, so I think that I am going to answer my question myself. You can take a look at 2nd answer [here](https://stackoverflow.com/questions/1486099/any-way-to-keep-curls-cookies-in-memory-and-not-on-disk) (<- this is a link), if you are interested in the solution. At the end, yes, I agree, that your suggestion is the best "_another approach_" but, perhaps, I can do this my way. – Gustas Jun 05 '17 at 13:13

How to store PHP CURL cookies internally and pass them to another curl request?

1 Answers1