Home/ Questions/Q 6230511
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T09:45:51+00:00

I am building an application that is built upon an API that requires Basic

  • 0

I am building an application that is built upon an API that requires Basic Authentication. I have made many calls and wrapped up the CURL requests inside a class that I’ve made,

I’m using a cookie jar that I use like this:

curl_setopt($curl_handle, CURLOPT_COOKIEJAR, "cookie.txt");
curl_setopt($curl_handle, CURLOPT_COOKIEFILE, "cookie.txt");

I am trying to keep sessions by using cookie.txt to store the cookies and its been working great. However, today I came across an alarming discovery. When someone else (on a different computer) goes to my app, they can see my session information (probably because it’s using the same file as reference for the session). I have thought that perhaps I could generate a new “cookie jar” for each visitor, but this will probably not work when it goes to production. The quantity of users is going to be in the thousands at least, so I think this means that I would need a cookie file for each visit right?

This doesn’t seem practical and not to mention that I would have to create the cookie file programmatically. Has anybody else come across this issue before? Any suggestions would be a real help.

Perhaps there’s a CURL setopt solution that would uniquely distribute the cookies amongst visits?

Thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you can expose the cookie to the user if you turn on curl_setopt($curl_handle, CURLOPT_HEADER,1) the headers returned by the curl exec will be present a the top of the content, you could match these out of the top of the content and pass them to the clients browser for retention, then pass any user cookies back through the curl process for the next request.

    something crude I made a while ago:

      if(is_array($_COOKIE))
  {
    foreach($_COOKIE as $cookiename => $cookievalue)
    {
      if($cookievalue)
      {
        if(get_magic_quotes_gpc())
        {
          $cookievalue = stripslashes($cookievalue);
        }
        $cookies[] = $cookiename .'='. urlencode($cookievalue);
      }
    }
    if(is_array($cookies))
    {
      curl_setopt($curl_handle, CURLOPT_COOKIE,implode('; ',$cookies));
    }
  }

    after the curl exec

      preg_match_all('%HTTP/\\d\\.\\d.*?(\\r\\n|\\n){2,}%si', $curl_result, $header_matches);
  $headers = split("\r\n", str_replace("\r\n\r\n",'',array_pop($header_matches[0])));
  if(is_array($headers))
  {
    foreach ($headers as $header)
    {
      preg_match('#(.*?)\:\s(.*)#', $header, $header_matches);
      if(isset($header_matches[1]))
      {
        $headers[$header_matches[1]] = $header_matches[2];
      }
      // SET THE COOKIE
      if($header_matches[1] == 'Set-Cookie')
      {
        header('Set-Cookie: ' . $header_matches[2],false);
      }
    }
  }
  # Remove the headers from the response body
  $curl_result = preg_replace('%HTTP/\\d\\.\\d.*?(\\r\\n|\\n){2,}%si','',$curl_result);
    • 0