How to pass session values from one request to another request consecutively using cURL in PHP?

Question

When a first request is made, a session id is created. The same session id is being carried to the second request.

In my third request, a new session ID is created for successful login but when I'm printing the session ID for the third request the response is giving a different session id. Why is this happening? And I want to send the session id that I got in the 3rd response to the 4th?

How to achieve this?

This is my code:

<?php
$fp = fopen("cookies.txt", "w");
fclose($fp);
$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_HEADER => TRUE,
    CURLOPT_RETURNTRANSFER => TRUE,
    CURLOPT_URL => 'https://192.168.2.35/cgi-bin/common/login/webLogin',
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_SSL_VERIFYHOST => false,
    CURLOPT_COOKIESESSION => TRUE,
    CURLOPT_COOKIEFILE => "cookies.txt",
    CURLOPT_COOKIEJAR => "cookies.txt",
    CURLOPT_FOLLOWLOCATION => TRUE,
    CURLOPT_AUTOREFERER => TRUE,
));
$result = curl_exec($curl);

if (!curl_exec($curl))
{
    die('Error: "' . curl_error($curl) . '" - Code: ' . curl_errno($curl));
}

echo "<h2>Response 1</h2>";
print_r($result);
$cookies = curl_getinfo($curl, CURLINFO_COOKIELIST);
print_r($cookies);

// #######################################################################################

$fields = array(
    'userName' => 'dadmin',
    'logonButton' => 'Logon',
    'actionStep' => 2,
);
$fields_string = http_build_query($fields);
curl_setopt_array($curl, array(
    CURLOPT_HEADER => TRUE,
    CURLOPT_RETURNTRANSFER => TRUE,
    CURLOPT_URL => 'https://192.168.2.35/cgi-bin/common/login/webLogin',
    CURLOPT_POST => TRUE,
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_SSL_VERIFYHOST => false,
    CURLOPT_POSTFIELDS => $fields_string,
    CURLOPT_FOLLOWLOCATION => TRUE,
    CURLOPT_COOKIESESSION => TRUE,
    CURLOPT_AUTOREFERER => TRUE,
));
$resp = curl_exec($curl);

if (!curl_exec($curl))
{
    die('Error: "' . curl_error($curl) . '" - Code: ' . curl_errno($curl));
}

echo "<h2>Response 2</h2>";
print_r($resp);
$cookies = curl_getinfo($curl, CURLINFO_COOKIELIST);
print_r($cookies);

// ################################################################################################

$fields = array(
    'userName' => urlencode('dadmin') ,
    'pa55word' => urlencode('dadmin01') ,
    'logonButton' => urlencode('Logon') ,
    'actionStep' => urlencode(3) ,
);
$fields_string = http_build_query($fields);
curl_setopt_array($curl, array(
    CURLOPT_HEADER => TRUE,
    CURLOPT_RETURNTRANSFER => TRUE,
    CURLOPT_URL => 'https://192.168.2.35/cgi-bin/common/login/webLogin',
    CURLOPT_POST => TRUE,
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_SSL_VERIFYHOST => false,
    CURLOPT_POSTFIELDS => $fields_string,
    CURLOPT_FOLLOWLOCATION => TRUE,
    CURLOPT_COOKIESESSION => TRUE,
    CURLOPT_AUTOREFERER => TRUE,
));
$response = curl_exec($curl);

if (!curl_exec($curl))
{
    die('Error: "' . curl_error($curl) . '" - Code: ' . curl_errno($curl));
}

echo "<h2>Response 3</h2>";
print_r($response);
echo "<br/>";
$cookies = curl_getinfo($curl, CURLINFO_COOKIELIST);
print_r($cookies);

// ###########Login Completed##################

curl_setopt_array($curl, array(
    CURLOPT_COOKIESESSION => TRUE,
    CURLOPT_HEADER => TRUE,
    CURLOPT_RETURNTRANSFER => TRUE,
    CURLOPT_URL => 'https://192.168.2.35/cgi-bin/msg/mango/admin/controller/SubscriberMgmt',
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_SSL_VERIFYHOST => false,
    CURLOPT_FOLLOWLOCATION => TRUE,
    CURLOPT_AUTOREFERER => TRUE,
));
$result = curl_exec($curl);

if (!curl_exec($curl))
{
    die('Error: "' . curl_error($curl) . '" - Code: ' . curl_errno($curl));
}

echo "<h2>Response 4</h2>";
print_r($result);
echo "<br/>";
$cookies = curl_getinfo($curl, CURLINFO_COOKIELIST);
print_r($cookies);
exit;
?>

Answer 1

You have to specify the cookie file in each request, not only in the first one or two:

CURLOPT_COOKIEFILE => "/tmp/cookies.txt",
CURLOPT_COOKIEJAR => "/tmp/cookies.txt",

Also make sure the file is actually writable:

$cookieFile = '/tmp/cookies.txt';
if (! is_readable($cookieFile) || ! is_writable($cookieFile)) {
    throw new \Exception(
        'Cookiefile ' . $cookieFile . ' is not writable or readable.'
    );
}

Answer 2

1. delete all CURLOPT_COOKIESESSION => TRUE, it save only one cookie, not rewrite it
2. $fcookies = __DIR__."/cookies.txt"; init file name
3. Add in all req CURLOPT_COOKIEFILE => $fcookies, CURLOPT_COOKIEJAR => $fcookies,

---

Parse step 3

echo "<h2>Response 3</h2>";
print_r($response);

$new_sid = explode("sessionId=",$response);
$new_sid = explode(";",$new_sid[1]);
$new_sid = $new_sid[0];

file_put_contents($fcookies,"192.168.2.35 FALSE / TRUE 0 sessionId ".$new_sid);

echo "<br/>";
$cookies = curl_getinfo($curl, CURLINFO_COOKIELIST);
print_r($cookies);

$curl = curl_init();

---

Wget way

wget --load-cookies cookie.txt --save-cookies cookie.txt -S -O step1.txt --no-check-certificate https://192.168.2.35/cgi-bin/common/login/webLogin
cat cookie.txt
wget --load-cookies cookie.txt --save-cookies cookie.txt -S -O step2.txt --post-data "userName=dadmin&logonButton=Logon&actionStep=2" --no-check-certificate https://192.168.2.35/cgi-bin/common/login/webLogin
cat cookie.txt
wget --load-cookies cookie.txt --save-cookies cookie.txt -S -O step3.txt --post-data "userName=dadmin&pa55word=dadmin01&logonButton=Logon&actionStep=3" --no-check-certificate https://192.168.2.35/cgi-bin/common/login/webLogin
cat cookie.txt
wget --load-cookies cookie.txt --save-cookies cookie.txt -S -O step4.txt --post-data "motdContinue=Continue&actionStep=motdContinue" --no-check-certificate https://192.168.2.35/cgi-bin/common/loginMotd/w_motd
cat cookie.txt
wget --load-cookies cookie.txt --save-cookies cookie.txt -S -O step5.txt --no-check-certificate https://192.168.2.35/cgi-bin/msg/mango/admin/controller/SubscriberMgmt
cat cookie.txt

Answer 3

because you repeatedly tell curl to throw away all existing session cookies, here is the php documentation on CURLOPT_COOKIESESSION :

TRUE to mark this as a new cookie "session". It will force libcurl to ignore all cookies it is about to load that are "session cookies" from the previous session. By default, libcurl always stores and loads all cookies, independent if they are session cookies or not. Session cookies are cookies without expiry date and they are meant to be alive and existing for this "session" only.

• every time you set CURLOPT_COOKIESSION, you tell curl to throw away all existing session cookies, and you set that for every call. you don't actually need to set it at all, unless you want to clear the old pre-exiting cookies in the cookie jar. just get rid of ALL references to CURLOPT_COOKIESESSION - if your old cookies have expired, the server will just give you a new session in curl_exec().

btw you do this wrong:

$fields = array(
    'userName' => urlencode('dadmin') ,
    'pa55word' => urlencode('dadmin01') ,
    'logonButton' => urlencode('Logon') ,
    'actionStep' => urlencode(3) ,
);
$fields_string = http_build_query($fields);

here the username/password/etc will be double-urlencoded. the code should read:

$fields = http_build_query(array(
    'userName' => 'dadmin',
    'pa55word' => 'dadmin01',
    'logonButton' => 'Logon',
    'actionStep' => 3,
));

because http_build_query DOES url-encoding, http_build_query is practically implemented like this:

function http_build_query(array $data):string{
    $ret='';
    foreach($data as $key=>$val){
        $ret.=urlencode($key)."=".urlencode($data)."&";
    }
    $ret=substr($ret,0,-1);
    return $ret;
}