Track Curl Sessions Across Multiple Requests

Maintaining user sessions across multiple cURL requests requires handling cookies effectively. Because cURL is a stateless command-line tool, it does not automatically store session data between independent executions. This article explains how to use cURL’s built-in cookie handling flags to capture, store, and send session cookies, allowing you to seamlessly simulate persistent user sessions across sequential API or web requests.

The Core Concept: Cookie Jar and Cookie Input

To track a session, you must save the session cookie (often containing a session ID like PHPSESSID or JSESSIONID) sent by the server during the initial request (such as a login) and send it back in all subsequent requests.

cURL accomplishes this using two primary options: * -c <file> (or --cookie-jar): Writes all cookies to a specified file after the request completes. * -b <file> (or --cookie): Reads cookies from a specified file and sends them with the request headers.

Step 1: The Initial Request (Saving Cookies)

When you make your first request—usually a login or authentication call—you must tell cURL to save the cookies returned by the server.

Run the following command to log in and save the session cookie to a file named cookies.txt:

curl -c cookies.txt -d "username=myUser" -d "password=myPassword" https://example.com/api/login

After running this command, cURL creates a standard Netscape-formatted cookie file named cookies.txt containing the session tokens generated by the server.

Step 2: Subsequent Requests (Using the Cookies)

To perform actions that require authentication, you must send the saved session cookies back to the server. Use the -b flag to point to the file created in the previous step.

curl -b cookies.txt https://example.com/api/dashboard

The server reads the incoming cookie, matches it with the active session on the backend, and processes the request as an authenticated user.

Step 3: Handling Multi-Step Sessions (Read and Write)

If your session involves a sequence of multiple steps where the server continuously updates or adds new cookies (such as navigating a multi-page checkout or wizard), you should both read from and write to the cookie file in every step.

To do this, combine the -b and -c flags in each command, pointing to the same file:

# Step 1: Authenticate and save session
curl -c cookies.txt -d "username=user" https://example.com/login

# Step 2: Access page, read session, and save any updated/new cookies
curl -b cookies.txt -c cookies.txt https://example.com/step-one

# Step 3: Access final page using the accumulated session state
curl -b cookies.txt -c cookies.txt https://example.com/step-two

By constantly updating the cookies.txt file, you ensure that expire times, session state updates, and security tokens remain synchronized with the server’s requirements.