I have a curl script that is used to remote control a login a (government) website. The website has a government-wide login system that uses 5 redirects over various servers. I found the login works when I set CURLOPT_COOKIEJAR, however I don’t understand why this is necessary.
http://www.php.net/manual/en/function.curl-setopt.php states:
CURLOPT_COOKIESESSION
TRUE to mark this as a new cookie "session". It will force libcurl to
ignore all cookies it is about to load that are "session cookies" from
the previous session. By default, libcurl always stores and loads all
cookies, independent if they are session cookies or not. Session
cookies are cookies without expiry date and they are meant to be alive
and existing for this "session" only.
So it would appear the default behavaiour is to retrieve and resend all cookies?
I would try to understand why my trial and error method was successful
CURL_COOKIEJAR is simply the file which the cookies which curl automatically parses are stored in. CURL_COOKIESESSION on the other hand is a directive that tells curl that any of the cookies it stored which are considered “session” cookies should be ignored. As such, to actually store the parsed cookies on your system at all, CURL_COOKIEJAR must be set to the location. What is actually meant by that statement about storing/loading is that by default, regardless if the cookie was a “session” cookie or not, if it was stored in the cookiejar it will be sent with the request.