Python requests module: How to set cookies

Updated: January 2, 2024 By: Guest Contributor Post a comment

Introduction

Understanding how to handle cookies is pivotal for web scraping and automation tasks. This guide will cover the basics to more advanced usage scenarios of handling cookies using Python’s requests module.

Setting Basic Cookies

First, let’s look at setting cookies on a simple GET request. The requests module allows us to send HTTP/1.1 requests using Python. We’ll also handle a session object which maintains certain parameters across requests.

import requests

url = 'http://example.com'
cookies = {'sample_cookie': 'cookie_value'}

response = requests.get(url, cookies=cookies)
print(response.cookies)

This code sets a single cookie named ‘sample_cookie’ with a value of ‘cookie_value’ and prints out the cookies sent back from the server.

Using Session Objects

Session objects provide a way to persist certain parameters across requests.

with requests.Session() as session:
    session.cookies.set('session_cookie', 'session_value', domain='example.com', path='/')
    response = session.get('http://example.com')
    print(session.cookies)

In the example above, a session cookie is set explicitly for ‘example.com’ and printed out after making a GET request to the server.

Extracting and Setting Cookies from Responses

You can also extract cookies from a server’s response and use them for subsequent requests. The requests module automatically handles this for sessions.

with requests.Session() as session:
    first_response = session.get('http://example.com/login')
    for c in first_response.cookies:
        session.cookies.set(c.name, c.value)

    second_response = session.get('http://example.com/dashboard')
    print(second_response.cookies)

This will extract cookies received after a login request and use them to access another page in the same session.

Handling Cookie Domains and Paths

When manually setting cookies, it’s important to consider the domain and path parameters, as they determine when the cookie should be sent to the server.

import requests
from http.cookies import SimpleCookie

rawdata = 'PHPSESSID=q2t7ib3folu7bdujc6ui1qe016; path=/; domain=.example.com'
cookie = SimpleCookie()
cookie.load(rawdata)

session = requests.Session()
for key, morsel in cookie.items():
    session.cookies.set(morsel.key, morsel.value, domain=morsel['domain'], path=morsel['path'])

response = session.get('http://example.com')
print(response.cookies)

This code snippet uses the http.cookies module to parse a raw cookie string, then it sets these cookies into a session.

Advanced Usage: Custom CookieJar

For fine-tuned control over cookies, perhaps across different domains, using a custom CookieJar can be useful.

from requests import Request, Session
from requests.cookies import RequestsCookieJar

jar = RequestsCookieJar()
jar.set('cookie_name', 'cookie_value', domain='example.com', path='/dashboard')

s = Session()
req = Request('GET', 'http://example.com/dashboard', cookies=jar)
prepped = s.prepare_request(req)
response = s.send(prepped)
print(response.text)

Here, a custom RequestsCookieJar is populated with a cookie and then used in a prepared request within a session, giving you more control over which cookies are included in the request.

Secure and HttpOnly Cookies

For security-focused applications, it’s crucial to properly handle Secure and HttpOnly cookies. Although requests can’t set these annotations, it’s respectful of them when receiving from a server.

import requests

url = 'https://secure.example.com'
response = requests.get(url)

for cookie in response.cookies:
    if cookie.secure:
        print('Secure cookie:', cookie.name)
    if cookie.has_nonstandard_attr('HttpOnly'):
        print('HttpOnly cookie:', cookie.name)

This code will iterate over cookies from a secured server response and identify the Secure and HttpOnly cookies.

Conclusion

This guide provided a comprehensive dive into setting cookies while making HTTP requests using Python’s requests module. We touched upon the basics, session objects, advanced custom CookieJars, and finished up by considering security aspects of handling cookies. This knowledge lays the groundwork for tackling a wide range of web interaction tasks efficiently and securely.