Netscape HTTP Cooke File Parser In PHP

30th June 2011 - 5 minutes read time

I recently needed to create a function that would read and extract cookies from a Netscape HTTP cookie file. This file is generated by PHP when it runs CURL (with the appropriate options enabled) and can be used in subsequent CURL calls. This file can be read to see what cookies where created after CURL has finished running. As an example, this is the sort of file that might be created during a typical CURL call.

# Netscape HTTP Cookie File
# This file was generated by libcurl! Edit at your own risk.        FALSE        /        FALSE        1338534278        cookiename        value

The first few lines are comments and can therefore be ignored. The cookie data consists of the following items (in the order they appear in the file.

  • domain - The domain that created and that can read the variable.
  • flag - A TRUE/FALSE value indicating if all machines within a given domain can access the variable. This value is set automatically by the browser, depending on the value you set for domain.
  • path - The path within the domain that the variable is valid for.
  • secure - A TRUE/FALSE value indicating if a secure connection with the domain is needed to access the variable.
  • expiration - The UNIX time that the variable will expire on.
  • name - The name of the variable.
  • value - The value of the variable.

So the function used to extract this information would look like this. It works in a pretty straightforward way and essentially returns an array of cookies found, if any. I originally tried to use a hash character to determine the start of a commented line and then try to extract anything else that had content. It turns out, however, that some sites will add cookies with a hash character at the start (yes, even for the URL parameter). So it is safer to detect for a cookie line by seeing if there are 6 tab characters in it. This is then exploded by the tab character and converted into an array of data items.

 * Extract any cookies found from the cookie file. This function expects to get
 * a string containing the contents of the cookie file which it will then
 * attempt to extract and return any cookies found within.
 * @param string $string The contents of the cookie file.
 * @return array The array of cookies as extracted from the string.
function extractCookies($string) {
    $cookies = array();
    $lines = explode("\n", $string);

    // iterate over lines
    foreach ($lines as $line) {

        // we only care for valid cookie def lines
        if (isset($line[0]) && substr_count($line, "\t") == 6) {

            // get tokens in an array
            $tokens = explode("\t", $line);

            // trim the tokens
            $tokens = array_map('trim', $tokens);

            $cookie = array();

            // Extract the data
            $cookie['domain'] = $tokens[0];
            $cookie['flag'] = $tokens[1];
            $cookie['path'] = $tokens[2];
            $cookie['secure'] = $tokens[3];

            // Convert date to a readable format
            $cookie['expiration'] = date('Y-m-d h:i:s', $tokens[4]);

            $cookie['name'] = $tokens[5];
            $cookie['value'] = $tokens[6];

            // Record the cookie.
            $cookies[] = $cookie;
    return $cookies;

To test this function I used the following code. This takes a URL ( in this case) and sets up the options for CURL so that when the page is downloaded it also creates a cookie file. This file is then analyzed using the above function to see what cookies are present therein.

// Url to extract cookies from
$url = '';

// Create a cookiefar file
$cookiefile = tempnam("/tmp", "CURLCOOKIE");

// create a new cURL resource
$curl = curl_init();

curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

// Set user agent
curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20090910 Ubuntu/9.04 (jaunty) Shiretoko/3.5.3");

// set URL and other appropriate options
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_HEADER, true);

curl_setopt($curl, CURLOPT_COOKIEJAR, $cookiefile);

$data = curl_exec($curl);

// close cURL resource, and free up system resources

// Extract and store any cookies found

When run, this function produces the following output.

    [0] => Array
            [domain] =>
            [flag] => TRUE
            [path] => /
            [secure] => FALSE
            [expiration] => 2013-06-29 10:00:01
            [name] => PREF
            [value] => ID=051f529ee8937fc5:FF=0:TM=1309424401:LM=1309424401:S=4rhYyPL_bW9KxVHI




it's good. but when cookies had string "#HttpOnly",it runs error. such as: ... TRUE / TRUE 1711001654 auth_token fd62834f676 ...

yaoruisheng (Mon, 03/24/2014 - 07:37)

Add new comment

The content of this field is kept private and will not be shown publicly.