返回博客
自动化

Cookie and Session Management for Cloud Browser Automation

How to manage cookies and sessions across cloud browser instances, including persistence, import/export, and multi-session workflows.

Introduction

Cookies are the primary mechanism for maintaining login sessions, storing preferences, and tracking state across page loads. In cloud browser automation, managing cookies effectively is essential for maintaining persistent sessions, avoiding repeated logins, and supporting multi-account workflows.

Each BotCloud session starts with a clean cookie jar. This provides isolation between sessions but means you need a strategy for cookies you want to persist.

Saving Cookies

After authentication, save cookies for later reuse:

const browser = await puppeteer.connect({
  browserWSEndpoint: 'wss://bots.win/ws?apiKey=YOUR_API_KEY',
});

const page = await browser.newPage();
await page.goto('https://example.com/login');
await page.type('#email', 'user@example.com');
await page.type('#password', 'password');
await page.click('#submit');
await page.waitForNavigation();

// Save cookies
const cookies = await page.cookies();
const fs = require('fs');
fs.writeFileSync('cookies.json', JSON.stringify(cookies, null, 2));

await browser.close();

Restoring Cookies

Load saved cookies at the start of a new session:

const browser = await puppeteer.connect({
  browserWSEndpoint: 'wss://bots.win/ws?apiKey=YOUR_API_KEY',
});

const page = await browser.newPage();

// Load cookies before navigation
const cookies = JSON.parse(fs.readFileSync('cookies.json', 'utf-8'));
await page.setCookie(...cookies);

// Now navigate - should be logged in
await page.goto('https://example.com/dashboard');

Cookies should be set before the first navigation to the target domain. If set after, the initial page load will not include the cookies, potentially triggering a new session on the server side.

For workflows managing multiple accounts, organize cookies by account:

class CookieManager {
  constructor(storageDir) {
    this.storageDir = storageDir;
  }

  save(accountId, cookies) {
    const path = `${this.storageDir}/${accountId}.json`;
    fs.writeFileSync(path, JSON.stringify(cookies));
  }

  load(accountId) {
    const path = `${this.storageDir}/${accountId}.json`;
    if (!fs.existsSync(path)) return [];
    return JSON.parse(fs.readFileSync(path, 'utf-8'));
  }

  async applyToPage(page, accountId) {
    const cookies = this.load(accountId);
    if (cookies.length > 0) {
      await page.setCookie(...cookies);
    }
  }

  async saveFromPage(page, accountId) {
    const cookies = await page.cookies();
    this.save(accountId, cookies);
  }
}

Session Token Refresh

Many websites use short-lived session tokens. Build refresh logic into your workflow:

async function ensureLoggedIn(page, accountId, cookieManager) {
  await cookieManager.applyToPage(page, accountId);
  await page.goto('https://example.com/dashboard');

  // Check if session is valid
  const isLoggedIn = await page.evaluate(() => {
    return !document.querySelector('.login-form');
  });

  if (!isLoggedIn) {
    // Re-authenticate
    await page.goto('https://example.com/login');
    await page.type('#email', accounts[accountId].email);
    await page.type('#password', accounts[accountId].password);
    await page.click('#submit');
    await page.waitForNavigation();
  }

  // Save updated cookies
  await cookieManager.saveFromPage(page, accountId);
}

Not all cookies are useful to persist. Filter out tracking and analytics cookies to reduce storage and avoid stale data:

function filterCookies(cookies) {
  const keepDomains = ['example.com', '.example.com'];
  const skipNames = ['_ga', '_gid', '_fbp', '__gads'];

  return cookies.filter(cookie =>
    keepDomains.some(d => cookie.domain.endsWith(d)) &&
    !skipNames.includes(cookie.name)
  );
}

Best Practices

  1. Set cookies before first navigation to the target domain
  2. Filter cookies to keep only session-relevant ones
  3. Handle cookie expiration by checking and refreshing sessions
  4. Store cookies securely since they contain authentication tokens
  5. Use separate cookie files per account to prevent cross-contamination
  6. Verify cookie domain and path when importing to ensure they match the target site
#cookies#sessions#persistence#automation