Why are cookies visible in Django app browser dev tools but not via curl?

Question

I am trying to use curl via bash script to store cookies using curl -c cookies.txt https://www.mydjangoapp.com/ so that I can use the CSRF token in subsequent curl requests (using the -b cookies.txt option in subsequent commands).

However, when I run cat cookies.txt to view the contents, the file only contains the following:

# Netscape HTTP Cookie File
# https://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.

Additionally, the cookies aren't viewable in the response when using the verbose -v option either.

When I check the cookies returned via Chrome Developer Tools, I see all the cookies that I expect.

I have verified that cookies.txt is populated with cookies when running the curl command against other endpoints.

Any ideas about how this might happen? In particular, I'm trying to get the CSRF token, but this seems to be a more general cookie retrieval issue with curl and my Django application.

score 0 · Answer 1 · answered Nov 12 '19 at 19:23

This was happening because in the browser, I have already been navigating around as an authenticated user.

When I used curl to visit the login endpoint, cookies.txt was finally populated with the cookies I needed.

This StackOverflow post was essential to figuring this out.

Why are cookies visible in Django app browser dev tools but not via curl?

1 Answers1