PHP and cURL cookies
https://stackoverflow.com/questions/1625111
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am trying to setup a php page which uses cURL to hit a third party server to log them in. Right now my code does successfully log in to the third party server, but since cURL is not sending the SESSION cookies to the user, the user must login in themselves
How can I get cURL to forward cookies to the client. Thanks
Solution
Check out the documentation for the following cURL options:
CURLOPT_COOKIE
CURLOPT_COOKIEFILE
CURLOPT_COOKIEJAR
EDIT
After reading your question more thoroughly, I'm afraid to tell you there is NO way to write the cookies to the client browser unless you redirect the client to the site you are attempting authorize them on. Browser cookies operate on a security model known as Same Origin Policy. This basically means that domains can only issue cookies for their OWN domains and may not issue cookies for others domains. In your particular case:
client --CONTACTS--> foo.com --cURL-LOGIN--> bar.com
bar.com --bar.com-COOKIE--> foo.com --foo.com-COOKIE--> client
client --foo.com-COOKIE--> bar.com (Will not work)
Basically, foo.com CAN NOT create cookies on the client for bar.com!
OTHER TIPS
The user's browser will most probably not allow you to set cookies for another domain anyway.
You can, in your PHP code, login and fetch a session cookie for (e.g.) Hotmail. But you won't be able to pass that session on to the user (so he/she would also be logged in).
This is because many browsers and configurations deny setting 3rd party cookies.
You can set the cookie in the user's browser without redirecting him to the server. what you need to do is get the user to hit your php page with the curl code in it. then you can take his post data and send this data to the server. But dont let the server redirct you. Set the option as CURLOPT_FOLLOWLOCATION as false and set CURLOPT_HEADER as true Now grab the header and extract the cookie and location headers and then pass those as headers to the client browser like header("Location: ...) and header("Set-Cookie: ....). you can also send other headers by extracting them too. the following [post] html page not getting cookies through libcurl has a similar situation
