How to save session cookies in Wget

Saving session cookies when using wget allows scripted downloads to behave like authenticated browser visits instead of anonymous guests. Cookie-aware automation can reach dashboards, export endpoints, or archived documents that normally sit behind login screens, without repeating the full login flow for every call. Persisting session state in a cookie jar also reduces the need to embed passwords or tokens in plain text scripts.

Wget reads and writes cookie jars using the classic Netscape format, recording the domain, path, secure flag, expiry time, and key–value pair for each cookie. Options such as --save-cookies and --keep-session-cookies capture cookies returned by login responses, while --load-cookies replays them on later runs so the remote service treats subsequent requests as part of the same authenticated session. Combining these flags with form parameters in --post-data or --post-file makes it possible to script logins that mirror browser behaviour closely.

Session cookies usually contain opaque identifiers that map directly to signed-in accounts, so mishandling the cookie jar can expose full access to private data. The commands below assume an interactive shell on a Linux system with wget already installed and network connectivity to the target service. Restrictive file permissions, short-lived sessions, and routine deletion of cookie jars after use reduce risk while still supporting reliable automation.

Steps to save session cookies in Wget:

Choose a working directory where the cookie jar and downloaded files should be stored.
```
$ mkdir -p ~/wget-session
$ cd ~/wget-session
$ pwd
/home/alice/wget-session
```
Using a dedicated directory isolates cookie jars and downloaded artifacts from unrelated scripts and simplifies clean-up.

Send a login request with wget that saves all cookies from the response into a cookie jar file.

$ wget --save-cookies cookies.txt --keep-session-cookies --post-data 'username=alice&password=s3cr3t' -O /dev/null https://www.example.com/login
--2025-12-07 12:00:00--  https://www.example.com/login
Resolving www.example.com (www.example.com)... 203.0.113.10
Connecting to www.example.com (www.example.com)|203.0.113.10|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://www.example.com/dashboard [following]
##### snipped #####

The options --save-cookies and --keep-session-cookies instruct wget to record both persistent and session-only cookies from this run in cookies.txt.

Restrict permissions on the cookie jar so that only the owning account can read or modify it.
```
$ chmod 600 cookies.txt
$ ls -l cookies.txt
-rw------- 1 alice alice 1234 Dec  7 12:01 cookies.txt
```
Cookie jars often contain reusable session identifiers; leaving cookies.txt world-readable or in long-lived backups can expose authenticated access to other users, so remove the file with rm cookies.txt after automation completes.
Inspect the cookie jar to confirm that cookies for the target domain were recorded in Netscape format.
```
$ sed -n '1,5p' cookies.txt
# Netscape HTTP Cookie File
.example.com  TRUE  / FALSE 1893456000  sessionid abcdef1234567890
```
The Netscape cookie layout stores the cookie domain, domain-scope flag, path, secure flag, expiration timestamp, and finally the cookie name and value.

Reuse the saved cookies when fetching a page that requires the authenticated session.

$ wget --load-cookies cookies.txt -O dashboard.html https://www.example.com/dashboard
--2025-12-07 12:02:00--  https://www.example.com/dashboard
Resolving www.example.com (www.example.com)... 203.0.113.10
Connecting to www.example.com (www.example.com)|203.0.113.10|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 10240 (10K) [text/html]
Saving to: ‘dashboard.html’

dashboard.html      100%[===================>]  10.00K  --.-KB/s    in 0.1s

2025-12-07 12:02:01 (96.0 KB/s) - ‘dashboard.html’ saved [10240/10240]

If the application refreshes session cookies frequently, combine --load-cookies cookies.txt with --save-cookies cookies.txt in the same command so updated tokens are written back to the jar for subsequent runs.

Verify that the downloaded page contains content that only appears for an authenticated user.
```
$ grep "Welcome, Alice" dashboard.html
Welcome, Alice
```
Successful reuse of session cookies is indicated by personalised content, absence of login prompts, and a 2xx success status in the preceding wget output.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.

Discuss the article:

Comment anonymously. Login not required.