Are PayPal cookies linked to an IP address?

Question

I have been experimenting with curl for accessing the PayPal payment authorisation site using PHP.

e.g.

...
   $ch = curl_init();
   curl_setopt($ch, CURLOPT_URL, $url);
   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
   curl_setopt($ch, CURLOPT_HEADER, true);
   curl_setopt($ch, CURLOPT_POSTFIELDS, $nvp);
   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
   curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
   $res = curl_exec ($ch);

   preg_match_all('/Set-Cookie: .*/', $res, $cookieMatches);

   foreach ($cookieMatches[0] as $cookieMatch)
      header($cookieMatch);

   preg_match('/Location: .*/', $res, $locMatches);
   header($locMatches[0]);

   header('Vary: Accept-Encoding');
   header('Strict-Transport-Security: max-age=500');
   header('Transfer-Encoding: chunked');
   header('Content-Type: text/html');

The principle being simply to reflect the original redirect (I am sure there is a simpler way to do this). However, the response from PayPal seems to indicate some kind of cookie error.

My hunch is that the cookie has been linked to the originating machine in some way. Can anyone confirm this, or am I just missing something obvious!

Answer 1

The CURL has built-in support for cookies (as you know). But it's been tricky. I haven't managed cookies to work until I declared option

curl_setopt ($ch, CURLOPT_COOKIEJAR, 'cookie.txt');

Third parameter is a name of the file storing cookies - preferably in temp folder. Maybe you should just try this approach.

With this the redirects work "automatically".