What is a curl Cookie Jar and How It Works

In web automation, API testing, and web scraping, maintaining a continuous session across multiple HTTP requests is essential. This article explains the concept of a “cookie jar” in curl, a popular command-line tool for transferring data. You will learn what a curl cookie jar is, how it enables session persistence by saving and sending cookies, and the specific command-line flags required to use it effectively.

When you visit a website using a standard web browser, the server often sends “cookies”—small pieces of data used to identify your session, keep you logged in, or store preferences. The browser automatically saves these cookies and sends them back to the server with every subsequent request.

By default, the curl command-line tool is stateless; it does not remember cookies between separate commands. To solve this, curl uses the concept of a cookie jar. A cookie jar is simply a local text file on your computer where curl writes received cookies and from which it reads stored cookies to send back to the server. This allows curl to mimic browser behavior and maintain a continuous session.

Saving Cookies: The --cookie-jar (-c) Flag

To tell curl to write cookies to a file after a request finishes, you use the -c (or --cookie-jar) option followed by the filename.

curl -c cookies.txt https://example.com/login

When you run this command, curl makes the request, detects any Set-Cookie headers sent by the server, and writes those cookies into a file named cookies.txt in the Netscape cookie file format.

Sending Cookies: The --cookie (-b) Flag

Once you have saved cookies in your cookie jar, you need to send them back to the server in subsequent requests to maintain your session. To do this, use the -b (or --cookie) option followed by the filename.

curl -b cookies.txt https://example.com/dashboard

When curl executes this command, it reads the cookies from cookies.txt and includes them in the HTTP request headers. The server recognizes these cookies, allowing you to access restricted pages or keep a session active.

Combining Read and Write Operations

In many automation scripts, you will want to both read existing cookies and save any new or updated cookies that the server sends back. You can achieve this by using both flags in a single command:

curl -b cookies.txt -c cookies.txt https://example.com/profile

In this scenario, curl first loads the existing cookies from cookies.txt to authenticate the request, and then updates the same cookies.txt file with any new session data returned by the server.