0

Is it possible to load a cookie used by cURL into a PHP Session? If so, how would I go about doing this?

Can I load the stuff from the cookie into a PHP Session variables, then delete the cookie and move from page to page with the data? Or does the cookie have exist until the session is closed?

hakre
  • 193,403
  • 52
  • 435
  • 836
devzspy
  • 29
  • 1
  • 3
  • Possible dup of: http://stackoverflow.com/questions/895786/how-to-get-the-cookies-from-a-php-curl-into-a-variable – Jesse Bunch Jan 03 '12 at 00:16

1 Answers1

0

Depends on what this cookie is. If you're using curl to (say) log someone into Facebook by remote, you will not be able to set a facebook specific cookie on the client browser and have it be useable by Facebook. Remember, cookies are always set for their originating domain only. You could use curl to do the Facebook login sequence, extract the Facebook session cookie, and then send that cookie name/value pair to the client.

But as far as the client is concerned, that cookie came from your server's "example.com", not "facebook.com", so when the client then goes on to Facebook, they're not logged in, because the client has cookie that originated from facebook.com.

Even if it's not a login cookie and it's just a session ID, that session will not be properly useable by anything but code running on your server on behalf of the user, again because of this originating server security policy.

Marc B
  • 356,200
  • 43
  • 426
  • 500
  • Alright, so how would I get cURL to the login sequence, extract the session cookie, and sned it to the client? Basically I don't want any copies of their cookie after the cURL script logs them (so I am not considered phishing) – devzspy Jan 03 '12 at 07:13
  • even if you did, the cookie would be shown as originating from YOUR server, not from whatever site you're proxying the login for. The session token would be useless, as the client's browser would only send it to your site, not the other one. – Marc B Jan 03 '12 at 12:36
  • So there is no way for me to actually use that cookie in a way that I can pass it from one page of mine to the next? Or so that I can delete it once I have the info from it? I'd rather not have the cookie on my server. Otherwise the user has to always type the name of the cookie for it to be utilized on the site I am designing. – devzspy Jan 03 '12 at 19:37