How Does wget Manage Session Cookies by Default?
The wget command-line utility handles session cookies by
keeping track of them temporarily in memory during a single execution,
but it does not save them to disk or reuse them across separate commands
by default. While wget can receive and process
Set-Cookie headers from a server during a file download
session—allowing it to follow redirects or access multi-part downloads
that require a valid session—all of that cookie data is discarded the
moment the command finishes running. To persist cookies between
different wget commands, users must explicitly instruct the
utility to save and load cookie data using specific command-line
flags.
The Default In-Memory Behavior
When you run a standard wget command without any
cookie-related modifiers, the utility acts as a stateless HTTP
client.
- Active Processing: If a server responds with a
Set-Cookieheader,wgetparses it and stores it in an internal, temporary memory cache. - Subsequent Requests: If the initial request
triggers a redirect (like an HTTP 302) to another page on the same
domain,
wgetwill automatically send that stored session cookie back to the server in the next request. - Session Termination: As soon as the requested files
are downloaded and the
wgetprocess exits, that temporary memory cache is completely wiped. No cookie files are written to your local directory.
Because of this default behavior, running two consecutive
wget commands against a website that requires
authentication will result in two entirely independent sessions. The
second command will not look for or recognize any session state
established by the first command.
How to Bypass the Default Behavior
If you need wget to mimic a standard web browser by
remembering your session cookies across multiple commands, you have to
override the default behavior using the --save-cookies and
--load-cookies options.
| Command Flag | Function | Purpose |
|---|---|---|
--save-cookies <filename> |
Saves current session cookies to a text file. | Captures the session state after logging in or hitting a landing page. |
--load-cookies <filename> |
Reads previously saved cookies from a text file. | Authenticates subsequent requests using the established session. |
--keep-session-cookies |
Forces wget to save cookies that have no expiration
date. |
Prevents wget from discarding temporary “session-only”
cookies when saving to a file. |
To properly maintain a session, a typical two-step workflow looks like this:
# Step 1: Log in and save the session cookies to a file
wget --save-cookies cookies.txt --keep-session-cookies --post-data 'user=myuser&pass=mypass' http://example.com/login
# Step 2: Use the saved cookies to download a protected file
wget --load-cookies cookies.txt http://example.com/protected-file.zipWithout adding the --keep-session-cookies flag in the
first step, wget will ignore cookies that lack an explicit
expiration timestamp (which is how most modern web application session
cookies are configured) and will write an empty file to your disk.