How to save cookies from cURL request

Cookies preserve state across stateless HTTP requests so that authenticated sessions, shopping carts, and user preferences remain consistent between calls. Saving cookies from cURL requests enables automated workflows to behave like a browser, avoiding repeated logins or re-sending credentials on every request. This is especially useful for scripted integrations with web applications that rely heavily on session cookies.

When cURL runs with --cookie-jar, it writes cookies that the server sets into a file using the classic Netscape cookie format. Subsequent requests can load this file with --cookie so the server associates them with the same session. Using the same file as both the source and destination updates cookies as they change, keeping the session in sync without manual parsing.

Cookie files often contain session identifiers or other sensitive tokens, so storage location and lifecycle matter. Using a dedicated cookie file per target site, restricting file permissions, and deleting the file when it is no longer required reduces attack surface. The steps below assume that cURL is already installed and focus on managing cookies at the command line for any environment that provides a standard shell.

Steps to save cookies from cURL request:

Open a terminal with access to the desired working directory.
```
$ pwd
/home/user
```
Send an initial HTTP request with --cookie-jar to write server-set cookies to a local file.
```
$ curl --cookie-jar cookies.txt "https://www.example.com/login"
<html>
<head>
##### snipped #####
</head>
<body>
Login successful
</body>
</html>
```
Cookies set by the server are written to cookies.txt at the end of the request so that later calls can reuse the same session.
Inspect the saved cookie file to confirm that cookies were written in Netscape cookie format.
```
$ cat cookies.txt
# Netscape HTTP Cookie File
# https://curl.se/docs/http-cookies.html
.example.com   TRUE   /   FALSE   1735689600   sessionid   abc123example
##### snipped #####
```
The first lines of the file identify the Netscape cookie format, followed by tab-separated fields for domain, path, flags, expiry, name, and value.
Reuse the cookie file in a subsequent request by loading it with --cookie to maintain the authenticated session.
```
$ curl --cookie cookies.txt "https://www.example.com/profile"
{"user":"demo","status":"logged_in"}
```
A response that includes authenticated-only data, such as a profile JSON object or dashboard HTML, indicates that the session cookie worked.
Allow cookies to update across calls by combining --cookie and --cookie-jar with the same filename.
```
$ curl --cookie cookies.txt --cookie-jar cookies.txt "https://www.example.com/update-profile"
{"status":"ok","action":"profile_updated"}
```
Cookie files can contain sensitive session tokens; storing them in world-readable locations or version control can expose accounts to unauthorized access.
Verify cookie-based session persistence by requesting a protected resource whose response content indicates an authenticated state.
```
$ curl --cookie cookies.txt "https://www.example.com/profile" | grep "logged_in"
{"user":"demo","status":"logged_in"}
```
Repeated successful access to authenticated resources without re-sending credentials signals a working cookie-based session.
Remove the cookie file after testing when it is no longer needed to reduce the risk of unauthorized reuse.
```
$ rm --interactive=never cookies.txt
```
Deleting the cookie file terminates the saved session for future scripted calls, which prevents further use of the same session token from that file.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.

Discuss the article:

Comment anonymously. Login not required.