So on the next cURL request you make, you need to specify the cookie file to send along with it. So you should be able to just save the cookie, then set it in the next request with CURLOPT_COOKIE. Here's something I used a while ago that worked:
$cookie = './temp.cookie';
$data = array(
'login_username' => 'username',
'login_password' => '',
'cookieuser' => '1',
'login_md5password' => 'supercalafragilisticexpialidocious',
'login_md5password_utf' => 'supercalafragilisticexpialidocious',
'do' => 'login',
's' => '',
);
$ch = curl_init("http://website.com/auth/login");
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_FAILONERROR, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$result = curl_exec($ch);
curl_close($ch);
$pattern = "#Set-Cookie: (.*?; path=.*?;.*?)\n#";
preg_match_all($pattern, $result, $matches);
array_shift($matches);
$cookie = implode("\n", $matches[0]);
unset($ch, $result);
$ch = curl_init('http://website.com/protected/page.php');
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_FAILONERROR, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_POST, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
$result = curl_exec($ch);
curl_close($ch);
I've removed some sensitive info (urls, password hashes, etc), but the gist is still there.
