<title>CURLOPT_COOKIELIST man page</title>
<meta name="generator" content="roffit">
<STYLE type="text/css">
-P.level0 {
+pre {
+ overflow: auto;
+ margin: 0;
+}
+
+P.level0, pre.level0 {
padding-left: 2em;
}
-P.level1 {
+P.level1, pre.level1 {
padding-left: 4em;
}
-P.level2 {
+P.level2, pre.level2 {
padding-left: 6em;
}
<p class="level0"><a name="NAME"></a><h2 class="nroffsh">NAME</h2>
<p class="level0">CURLOPT_COOKIELIST - add to or manipulate cookies held in memory <a name="SYNOPSIS"></a><h2 class="nroffsh">SYNOPSIS</h2>
-<p class="level0"><pre>
-<p class="level0">#include <curl/curl.h>
- <p class="level0">CURLcode curl_easy_setopt(CURL *handle, CURLOPT_COOKIELIST,
- char *cookie);
- </pre>
+<p class="level0"><pre class="level0">
+#include <curl/curl.h>
+
+CURLcode curl_easy_setopt(CURL *handle, CURLOPT_COOKIELIST,
+ char *cookie);
+</pre>
<a name="DESCRIPTION"></a><h2 class="nroffsh">DESCRIPTION</h2>
<p class="level0">Pass a char * to a <span Class="emphasis">cookie</span> string.
<p class="level0">Such a cookie can be either a single line in Netscape / Mozilla format or just regular HTTP-style header (Set-Cookie: ...) format. This will also enable the cookie engine. This adds that single cookie to the internal cookie store.
+<p class="level0">If you use the Set-Cookie format and don't specify a domain then the cookie is sent for any domain and will not be modified. If a server sets a cookie of the same name (or maybe you've imported one) then both will be sent on a future transfer to that server, likely not what you intended. Either set a domain in Set-Cookie (doing that will include sub domains) or use the Netscape format as shown in EXAMPLE.
+<p class="level0">Starting in 7.43.0 the aforementioned any-domain cookies will not appear in the lists exported by <span Class="emphasis">CURLINFO_COOKIELIST(3)</span> and <a Class="emphasis" href="./CURLOPT_COOKIEJAR.html">CURLOPT_COOKIEJAR</a>.
<p class="level0">Additionally, there are commands available that perform actions if you pass in these exact strings:
<p class="level0"><a name="ALL"></a><span class="nroffip">ALL</span>
<p class="level1">erases all cookies held in memory
<p class="level1"><a name="DEFAULT"></a><h2 class="nroffsh">DEFAULT</h2>
<p class="level0">NULL <a name="PROTOCOLS"></a><h2 class="nroffsh">PROTOCOLS</h2>
<p class="level0">HTTP <a name="EXAMPLE"></a><h2 class="nroffsh">EXAMPLE</h2>
-<p class="level0">TODO <a name="AVAILABILITY"></a><h2 class="nroffsh">AVAILABILITY</h2>
+<p class="level0"><pre class="level0">
+/* This example shows an inline import of a cookie in Netscape format.
+You can set the cookie as HttpOnly to prevent XSS attacks by prepending
+#HttpOnly_ to the hostname. That may be useful if the cookie will later
+be imported by a browser.
+*/
+
+#define SEP "\t" /* Tab separates the fields */
+
+char *my_cookie =
+ "example.com" /* Hostname */
+ SEP "FALSE" /* Include subdomains */
+ SEP "/" /* Path */
+ SEP "FALSE" /* Secure */
+ SEP "0" /* Expiry in epoch time format. 0 == Session */
+ SEP "foo" /* Name */
+ SEP "bar"; /* Value */
+
+/* my_cookie is imported immediately via CURLOPT_COOKIELIST.
+*/
+curl_easy_setopt(curl, CURLOPT_COOKIELIST, my_cookie);
+
+/* The list of cookies in cookies.txt will not be imported until right
+before a transfer is performed. Cookies in the list that have the same
+hostname, path and name as in my_cookie are skipped. That is because
+libcurl has already imported my_cookie and it's considered a "live"
+cookie. A live cookie won't be replaced by one read from a file.
+*/
+curl_easy_setopt(curl, CURLOPT_COOKIEFILE, "cookies.txt"); /* import */
+
+/* Cookies are exported after curl_easy_cleanup is called. The server
+may have added, deleted or modified cookies by then. The cookies that
+were skipped on import are not exported.
+*/
+curl_easy_setopt(curl, CURLOPT_COOKIEJAR, "cookies.txt"); /* export */
+
+res = curl_easy_perform(curl); /* cookies imported from cookies.txt */
+
+curl_easy_cleanup(curl); /* cookies exported to cookies.txt */
+</pre>
+
+<p class="level0"><a name="AVAILABILITY"></a><h2 class="nroffsh">AVAILABILITY</h2>
<p class="level0">ALL was added in 7.14.1
<p class="level0">SESS was added in 7.15.4
<p class="level0">FLUSH was added in 7.17.1
projects / platform / upstream / curl.git / blobdiff