How To Set Browser Cookies With Curl

I have a curl function as shown below. To load this function i use this <img src="" height="1" width="1" /> but when i do that cookies dont get added to my browser. Is there a way so that when the curl run on the url i collect the cookies from the url and set it to the browser of using accessing <img src="" height="1" width="1" />

function get_content($url,$ref)
$browser = $_SERVER['HTTP_USER_AGENT'];
$ch = curl_init();

$header[0] = "Accept: text/xml,application/xml,application/xhtml+xml,";
$header[0] .= "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
$header[] = "Cache-Control: max-age=0";
$header[] = "Connection: keep-alive";
$header[] = "Keep-Alive: 300";
$header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
$header[] = "Accept-Language: en-us,en;q=0.5";
$header[] = "Pragma: "; // browsers keep this blank.

curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERAGENT, $browser);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_REFERER, $ref);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_AUTOREFERER, false);
$html = curl_exec($ch);
curl_close ($ch);
return $html;
Who is Participating?
Dave BaldwinConnect With a Mentor Fixer of ProblemsCommented:
No, doesn't work that way.  Cookies are not part of the HTML, they have to be set in the response header.  You could get the values from the curl response header.  But I don't know what good it will do you.  Cookies are only good on the domain that set them.  Even faking the referer like you were talking about doesn't change that.
astonishinAuthor Commented:
It can be done you dont understand what i want
Dave BaldwinFixer of ProblemsCommented:
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

Mohamed AbowardaSoftware EngineerCommented:
PHP cURL make request from the server-side not the client-side, so the only way is that you can get information from cURL header and set cookies using your own PHP script.

To grab cookies using cURL:
$ch = curl_init('');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
$result = curl_exec($ch);
preg_match('/^Set-Cookie:\s*([^;]*)/mi', $result, $c);

Open in new window

Ray PaseurCommented:
Welcome to EE, astonishin.  Here are some general guidelines to make your use of this site more enjoyable and productive for you...

At EE, the experts exchange answers and advice for points.  If you look at the questions awaiting answers in this zone, you will see a lot of 500 point questions.  Your question is competing for the experts' attention among those high-point questions.  So as a matter of simple economics you might be able to envision which questions will get the experts' attention first.   Just a thought.

We are experts, but not mind readers.  Inquiries that are broad, vague and hypothetical may not get answers that are as succinct and effective as inquiries that have actual URLs, complete code examples, and clearly expressed questions.  "It doesn't work" is not an error message.  Whenever possible, please provide the inputs and tell us what you want for the outputs.  An incredibly important concept is the SSCCE; please read the online page and embrace the SSCCE strategy.  If you do not have the SSCCE, stop what you're doing and create one, and post it with your question.  And please accept that sometimes the right answer is, "Don't do that -- it doesn't work that way."

If you want us to be able to share working code, we need you to show us where you have put your test data.  If you have no test data, please create some.  We do not want you to post "live" passwords and such.  Instead, please set up a testbed and show us the links to that, instead of the live data.

We answer questions and provide teaching examples, but we cannot build applications for you.  If you do not understand the basics of computer science and the programming languages involved in your applications, you might be better off to hire a developer.  Often a great deal of trial and error, plus a depth of knowledge and background information is necessary to get a piece of an application working.  The experts will try to help, but sometimes the only reasonable answer is, "Please read the fine manuals" or "Be respectful of your time; don't take a year learning information technology -- hire a professional developer and you'll get good results in a couple of weeks."

All of us who have been at EE for a while have seen questions like, "How do I do 'X' in 'Y' language, and by the way, I do not know anything about 'Y' language."  For some reason we never see anyone ask, "I want to play a piano sonata, and by the way, I have never taken piano lessons."  It is hardly a sin if you do not know a particular programming language -- I do not know most of them -- but it is not reasonable to expect that you will learn a programming language by asking questions in an online forum, any more than you could learn to play the piano by asking questions in an online forum.  Instead your best question might be, "What are good learning resources to get a foundation in 'Y' language?"  We are glad to help with that.

To the particulars of your question: cURL is used to read from a "resource" such as a file or URL.  You might be able to force it to work, but it's not the right tool to set cookies.  PHP setcookie() is used to set a cookie on a browser.  If you set up cURL correctly, you can store browser cookies in a "cookie jar" text file.  Or you can use the $_COOKIE array to see the cookies that the browser returned to your server-side script.

Best regards, ~Ray
astonishinAuthor Commented:
I setup it so it stores the cookies in a text file as cookies.txt this works but how do i get those cookies in the user browser? thats what i want to achieve.
Ray PaseurConnect With a Mentor Commented:
Let me try this one again:
PHP setcookie() is used to set a cookie on a browser.
All of the PHP functions are documented in the online man pages.  You can learn more here:

Best of luck with your project, ~Ray
astonishinAuthor Commented:
Im not that good at coding, when i run the curl i get these cookies saved in my cookies.txt how can i put them in browser?
Ray PaseurCommented:
The cookies are already on the browser.  The browser can only return cookies that it already has!

If you want to change the values of the cookies, read the cookies.txt file and print it out to see what it looks like.  Then you can modify your script to copy the existing values, change them into anything you want, and put the changed values into the setcookie() function call.  Also, be aware that cookies are HTTP headers and it is a law of HTTP that all headers must come first and be complete before any browser output, so do not leak anything (not even invisible whitespace) to the browser before the setcookie() function completes.
gr8gonzoConnect With a Mentor ConsultantCommented:
astonishin, different browsers store their cookies in different locations. Trying to push a cookie into any browser is easier said than done, especially on newer versions of operating systems.

In short, it's going to be nearly impossible to do unless you have complete control over the client-side file system and are running a separate application that can interact with the Win32 API (e.g. Internet Explorer runs in different permission modes).

Trying to push a cookie to the browser via setcookie() will only work on the same domain. For example,  if a user goes to, I cannot create or access cookies for All browsers will disallow this for security purposes.

My guess, based on previous questions, is that you're trying to get cookies from one domain and copy them into the browser (e.g. to enable automatic login), but trust me, this cannot be done reliably.
astonishinAuthor Commented:
ok using your example is there a way to fake cookies and make it seem as its from paypal?
Ray PaseurConnect With a Mentor Commented:
No, you cannot set a cookie for a domain other than your own.  And if you find a way to do it, the security forces will find a way to shut it down.  This sort of activity would seem to tread perilously close to criminal fraud; I recommend that you not even attempt to do such a thing.
astonishinAuthor Commented:
I need a way to fake referrer to a link load from <img src"l">

This is all i want to do.
Ray PaseurCommented:
Any answer we could give you would depend on your background in computer science.  Please tell us a little more about that and about the site you're targeting, and why you want to fake the referrer.  It's possible, but the explanation would be different depending on your depth of knowledge and your application requirement to provide false information to a web site.
astonishinAuthor Commented:
Im just a 18 year old self taught programmer, I will be faking the referrer to my own site everything works when i use a iframe to load my php script but when i load with <img> it doesn't work. The reason it doesn't work is because theres html inside the php im loading with <img>. To make it work i tried curl, curl worked great but cookies dont get set in my browser.

The html inside the php is a self submit form that simulates a user click, Is there a way to just remove the form and use $_POST with set variables to simulate user click?

Are you on skype to talk @ray ?
You should think of cURL as its own separate browser. It has no ties to IE, Firefox, Chrome, or whatever browser you use. Just like Firefox has its own cookies and IE has its own cookies, cURL can also be enabled with cookies, but it needs a file to store the cookie data in. This is specified with the CURLOPT_COOKIEFILE and CURLOPT_COOKIEJAR options. The COOKIEJAR option is for storing the cookies that cURL receives, and COOKIEFILE is for sending the cookie information on subsequent requests, so you can log in and then do additional, authenticated requests. Just set both options to "cookie.txt" or something like that.

curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');

But again, this does not set the cookies in your IE/FF/Chrome browser. It simply allows cURL to send and receive cookies like a normal browser does.

You will not be able to set a cookie in your IE/FF/Chrome browser for a different domain. Like Ray and I have both said, this is simply a technical limitation due to security restrictions. If it could be done, there would be a lot more security problems on the internet, and you probably would not have financial services online at all.

If you have a form that you want to programmatically click, you can use Javascript to do that, but your browser is going to fill in the proper referrer.

Out of curiosity, if it's your own site, why are you faking the referrer? When you have control over the source and destination sites, it seems like there should be a lot of other options open here...
Ray PaseurCommented:
No, I do not have a Skype account for an offline conversation, and that kind of conversation is contrary to the rules of engagement in the dialog at EE.  And I am suspicious of "faking the referrer" even if that is to your own site.  I recommend that you follow the principles and guidelines that all web developers follow -- clarity of purpose and vision, transparency, openness, etc.

I have to sign off on this question now because it smells funny and potentially deceitful to me.  Best of luck with your project, ~Ray
astonishinAuthor Commented:
I've requested that this question be deleted for the following reason:

useless responses didnt help me no answer here
Objecting to the deletion of the question. Several informative answers were provided. It seems the asker did not like the "you cannot do that" answer and is deleting the question rather than accepting the result.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.