cURL cookiejar line commented out with #HttpOnly_?

Question

I'm trying to login to a PunBB forum from a different page on the same domain using cURL.

When logging in, cURL gets executed and its initial response is the 'successful login' page of the forum. However no cookie got set thus when clicking any link in that forum, and I'm logged out.

After a bit of investigating my cookiejar file mentions the cookie needed to login. If I create this cookie and its value manually inb my browser, I am successfully logged in and all is well. So the cookie value stored is correct.

The line containing my cookie name/value in the cookiejar is however commented out.

first question: Why? second: How to prevent that behavior?

Here's my cookiejar:

# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.

www.example.com FALSE   /   FALSE   0   PHPSESSID   3d7oe6vt3blv3vs3ea94nljcs7
#HttpOnly_www.example.com   FALSE   /   FALSE   1340974408  forum_cookie_e19209 MnwyYWQ4OGViNDI2NjE5MWEwMGZiNGZkNDFmZDY5ZDZhYjM5OTA5NDVjfDEzNDA5NzQ0MDh8OTU0NTExOGZhNWNlNGY5OGMzZDk3MmE0NDlmMWRjNzM3ZjI1NzMxOA%3D%3D

And here's my curl call:

function forumLogin() {
    $loginFields = array('req_username' => $_REQUEST['username']
                        ,'req_password' => $_REQUEST['password']
                        ,'form_sent' => "1"
                    ); //and so on
    $login = getUrl('http://www.example.com/manager/forum/login.php', 'post', $loginFields);
   return $login;
}

function getUrl($url, $method='', $vars='') 
{
  $ch = curl_init();
  if ($method == 'post') {
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $vars);
  }
  curl_setopt($ch, CURLOPT_URL, $url);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
  curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
    $buffer = curl_exec($ch);
  curl_close($ch);
  return $buffer;
}

// successful login so reset fail count and update key values
if(isset($_SESSION['mgrValidated'])) {
    $sql = "update $dbase.`".$table_prefix."user_attributes` SET failedlogincount=0, logincount=logincount+1, lastlogin=thislogin, thislogin=".time().", sessionid='$currentsessionid' where internalKey=$internalKey";
    $rs = mysql_query($sql);
    var_dump( forumLogin() );
}
exit;

Answer 1

The #Httponly_ prefix on a line is not a comment. It is a magic string to tell the browser/client that the cookie in question is a httponly one. curl will understand that and deal with it accordingly.

I don't understand the part about clicking on things as I don't see how that is related or relevant to your curl-using program.