I'm doing some cURL work in php 5.3.0.

I'm wondering if there is any way to tell the curl handle/object to keep the cookies in memory (assuming I'm reusing the same handle for multiple requests), or to somehow return them and let me pass them back when making a new handle.

Theres this long accepted method for getting them in/out of the request:

curl_setopt($ch, CURLOPT_COOKIEJAR, $filename); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $filename);

But I'm hitting some scenarios where I need to be running multiple copies of a script out of the same directory, and they step on each others cookie files. Yes, I know I could use tempnam() and make sure each run has its own cookie file, but that leads me to my 2nd issue.

There is also the issue of having these cookie files on the disk at all. Disk I/O is slow and a bottle neck I'm sure. I dont want to have to deal with cleaning up the cookie file when the script is finished (if it even exits in a way that lets me clean it up).

Any ideas? Or is this just the way things are?

You can use the CURLOPT_COOKIEJAR option, and set the file to "/dev/null" for Linux / MacOS X or "NULL" for Windows. This will prevent the cookies from being written to disk, but it will keep them around in memory as long as you reuse the handle and don't call curl_easy_cleanup().

Unfortunately, I don't think you can use 'php://memory' as the input and output stream. The workaround is to parse the headers yourself. This can be done pretty easily. Here is an example of a page making two requests and passing the cookies yourself.

curl.php:

<?php

$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'http://localhost/test.php?message=Hello!');
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($curl, CURLOPT_HEADER, true);  
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); 

$data = curl_exec($curl);
curl_close($curl);

preg_match_all('|Set-Cookie: (.*);|U', $data, $matches);   
$cookies = implode('; ', $matches[1]);

$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'http://localhost/test.php');
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($curl, CURLOPT_HEADER, true);  
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); 
curl_setopt($curl, CURLOPT_COOKIE, $cookies);

$data = curl_exec($curl);
echo $data;

?>

test.php:

<?php
session_start();
if(isset($_SESSION['message'])) {
    echo $_SESSION['message'];
} else {
    echo 'No message in session';
}

if(isset($_GET['message'])) {
    $_SESSION['message'] = $_GET['message'];
}
?>

This will output 'Hello!' on the second request.

Just set CURLOPT_COOKIEFILE to a file that doesn't exist, usually an empty string is the best option. Then DON'T set CURLOPT_COOKIEJAR, this is the trick. This will prevent a file from being written but the cookies will stay in memory. I just tested this and it works (my test: send http auth data to a URL that redirects you to a login URL that authenticates the request, then redirects you back to the original URL with a cookie).

If using Linux, you could set these to point somewhere within /dev/shm .. this will keep them in memory and you can be assured that they won't persist across re-boots.

I somehow thought that Curl's cleanup handled the unlinking of cookies, but I could be mistaken.

There is but it's completely unintuitive.

curl_setopt($curl, CURLOPT_COOKIEFILE, "");

For more details please see my answer in the comments

What works for me is using this setting:

curl_setopt($ch, CURLOPT_HEADER, 1);

And then parsing the result. Details in this blog post where I found out how to do this.
And since that is old, here is a gist replacing deprecated functions.