Cookies
Orb supports sending cookies with requests and saving cookies from responses using the Netscape cookie file format (compatible with cURL).
Sending Cookies
Section titled “Sending Cookies”Inline Cookies
Section titled “Inline Cookies”Use -b or --cookie to send cookies:
orb -b "session=abc123" https://example.comMultiple cookies:
orb -b "session=abc123; user=alice" https://example.comFrom a Cookie File
Section titled “From a Cookie File”Prefix with @ to read from a file:
orb -b @cookies.txt https://example.comThe file should be in Netscape cookie format:
# Netscape HTTP Cookie File.example.com TRUE / FALSE 0 session abc123.example.com TRUE /api TRUE 0 auth_token xyz789Saving Cookies
Section titled “Saving Cookies”Use -c or --cookie-jar to save cookies from responses:
orb -c cookies.txt https://example.com/login -X POST -d "user=alice&pass=secret"This creates or overwrites cookies.txt with cookies from Set-Cookie headers.
Cookie Jar Workflow
Section titled “Cookie Jar Workflow”Combine -b and -c for a persistent cookie session:
# Login and save cookiesorb -c cookies.txt \ https://example.com/login \ -X POST \ -d "username=alice&password=secret"
# Use saved cookies for subsequent requestsorb -b @cookies.txt -c cookies.txt \ https://example.com/dashboard
# Logout and update cookie jarorb -b @cookies.txt -c cookies.txt \ https://example.com/logout \ -X POSTNetscape Cookie Format
Section titled “Netscape Cookie Format”Each line (non-comment) has 7 tab-separated fields:
| Field | Description |
|---|---|
| Domain | Cookie domain (.example.com for all subdomains) |
| Include Subdomains | TRUE if domain starts with . |
| Path | Cookie path (/, /api, etc.) |
| Secure | TRUE for HTTPS-only cookies |
| Expiry | Unix timestamp (0 = session cookie) |
| Name | Cookie name |
| Value | Cookie value |
Example file:
# Netscape HTTP Cookie File# This file was generated by orb.github.com TRUE / TRUE 0 _gh_sess abc123....github.com TRUE / FALSE 0 logged_in yesgithub.com FALSE / TRUE 0 user_session xyz789...Cookie Matching Rules
Section titled “Cookie Matching Rules”When sending cookies, orb matches based on:
-
Domain: Cookie domain must match or be a suffix of the request domain
- Cookie for
.example.commatchesapi.example.com - Cookie for
example.comonly matchesexample.com
- Cookie for
-
Path: Request path must start with cookie path
- Cookie for
/apimatches/api/users - Cookie for
/apidoes not match/other
- Cookie for
-
Secure: Secure cookies only sent over HTTPS
Examples
Section titled “Examples”Session-based API
Section titled “Session-based API”# Authenticate and get session cookieorb -c session.txt \ -X POST \ --json '{"username": "alice", "password": "secret"}' \ https://api.example.com/auth/login
# Make authenticated requestsorb -b @session.txt \ https://api.example.com/users/meWeb Scraping (Simplified)
Section titled “Web Scraping (Simplified)”# Get initial page (may set cookies)orb -c cookies.txt https://example.com
# Submit form with cookiesorb -b @cookies.txt -c cookies.txt \ -X POST \ -d "query=search+term" \ https://example.com/searchDebug Cookies
Section titled “Debug Cookies”Use -v to see cookies being sent and received:
orb -v -b @cookies.txt https://example.comOutput includes:
> Cookie: session=abc123; user=alice< Set-Cookie: updated_at=1704067200; Path=/