Table of Contents#
- What Are Cookies and Why Use Them for Auto-Login?
- Prerequisites
- Step 1: Manually Log In and Save Cookies
- Step 2: Identifying Which Cookies to Load for Auto-Login
- Step 3: Loading Saved Cookies to Auto-Login
- Common Challenges and Solutions
- Security Best Practices
- Conclusion
- References
What Are Cookies and Why Use Them for Auto-Login?#
What Are HTTP Cookies?#
Cookies are small text files stored by your browser when you visit a website. They contain key-value pairs and metadata (e.g., domain, expiration, security flags) to persist state between browser sessions. For authentication, cookies act as "digital keys" that tell the website, “This user is already logged in—no need to re-authenticate.”
Why Use Cookies for Auto-Login?#
- Bypass Manual Input: No need to hardcode passwords or solve CAPTCHAs (if the session is still valid).
- Faster Sessions: Skip login forms and redirects, saving time in automation workflows.
- Session Persistence: Some cookies (persistent cookies) retain login status across browser restarts, enabling long-term auto-login.
Prerequisites#
Before diving in, ensure you have the following tools installed:
| Tool | Purpose |
|---|---|
| Python 3.x | The programming language for writing the automation script. |
| Selenium | Browser automation library to control browsers programmatically. |
| WebDriver | A driver (e.g., ChromeDriver for Chrome, GeckoDriver for Firefox) to interface with the browser. |
| webdriver_manager | (Optional but recommended) Automatically manages WebDriver binaries, so you don’t need to download them manually. |
| Code Editor | (e.g., VS Code, PyCharm) To write and run the script. |
Install Dependencies#
Run these commands in your terminal to install required packages:
```bash
pip install selenium webdriver_manager
```
Step 1: Manually Log In and Save Cookies#
The first step is to manually log into the target website and save the authentication cookies to a file. This ensures we capture the cookies needed for auto-login.
Step 1.1: Set Up Selenium and Open the Browser#
Use Selenium to launch a browser, navigate to the website’s login page, and manually log in. We’ll then extract the cookies and save them to a JSON file (human-readable and easy to parse).
Example Code: Save Cookies After Manual Login#
```python
from selenium import webdriver
from selenium.webdriver.chrome.service import Service
from webdriver_manager.chrome import ChromeDriverManager
import json

# Initialize Chrome browser
driver = webdriver.Chrome(service=Service(ChromeDriverManager().install()))

# Navigate to the login page (replace with your target website)
driver.get("https://example.com/login")

# Pause to manually log in: Enter username, password, solve CAPTCHAs if needed
input("Press Enter in the terminal AFTER logging in successfully...")

# Extract all cookies from the browser
cookies = driver.get_cookies()

# Save cookies to a JSON file
with open("auth_cookies.json", "w") as f:
    json.dump(cookies, f, indent=4)
print("Cookies saved to auth_cookies.json!")

# Close the browser
driver.quit()
```
How It Works:#
- `webdriver.Chrome(...)`: Launches the Chrome browser using `webdriver_manager` to auto-install/upgrade ChromeDriver.
- `driver.get("https://example.com/login")`: Navigates to the login page.
- `input(...)`: Pauses the script to let you manually log in (e.g., enter credentials, solve CAPTCHAs).
- `driver.get_cookies()`: Fetches all cookies stored by the browser for the current domain.
- `json.dump(...)`: Saves the cookies to `auth_cookies.json` for later use.
Step 2: Identifying Which Cookies to Load for Auto-Login#
Not all cookies in auth_cookies.json are needed for auto-login. Many cookies are used for analytics (e.g., Google Analytics), ads (e.g., DoubleClick), or site preferences (e.g., theme settings). We need to filter out irrelevant cookies and keep only the authentication-related ones.
How to Inspect Cookies#
To identify critical cookies, use your browser’s developer tools:
- Open Chrome/Firefox and navigate to the logged-in website.
- Press F12 to open DevTools.
- Go to the Application tab (Chrome) or Storage tab (Firefox).
- Expand Cookies > Select the website’s domain (e.g., example.com).
You’ll see a list of cookies with attributes like Name, Value, Domain, Path, Expires, Secure, and HttpOnly.
Key Authentication Cookie Characteristics#
Look for cookies with these traits—they’re likely responsible for login status:
| Characteristic | Description |
|---|---|
| Session ID Cookies | Names like sessionid, PHPSESSID, or JSESSIONID (common in server-side sessions). |
| Token-Based Cookies | Names like access_token, auth_token, or user_session (used in JWT/OAuth flows). |
| Domain/Path Specificity | Must match the website’s domain (e.g., example.com) and path (often / for global access). |
| Expires/Max-Age | Persistent cookies have an expiration date (e.g., 2024-12-31), while session cookies expire when the browser closes. |
| HttpOnly/Secure Flags | Critical for security: HttpOnly prevents JavaScript access (reduces XSS risks), and Secure ensures cookies are sent only over HTTPS. |
Example: Filtering Cookies#
Suppose auth_cookies.json contains 15 cookies, but only 3 are authentication-related. Here’s how to filter them:
Step 2.1: Inspect auth_cookies.json#
Open the file and look for entries like this (truncated for brevity):
```json
[
    {
        "name": "sessionid",
        "value": "abc123xyz456",
        "domain": "example.com",
        "path": "/",
        "expires": 1717267200,
        "secure": true,
        "httpOnly": true,
        "sameSite": "Lax"
    },
    {
        "name": "analytics_id",
        "value": "UA-12345-6",
        "domain": "example.com",
        "path": "/",
        "expires": null,
        "secure": false,
        "httpOnly": false,
        "sameSite": "None"
    },
    {
        "name": "auth_token",
        "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
        "domain": "example.com",
        "path": "/",
        "expires": 1717267200,
        "secure": true,
        "httpOnly": true,
        "sameSite": "Strict"
    }
]
```
Step 2.2: Filter Irrelevant Cookies#
In this example:
- `sessionid` and `auth_token` are critical (session/token-based, `HttpOnly`, `Secure`).
- `analytics_id` is for tracking—ignore it.
To automate filtering, add logic to your script to keep only cookies with authentication-relevant names:
```python
import json

# Load all saved cookies
with open("auth_cookies.json", "r") as f:
    all_cookies = json.load(f)

# Define keywords to identify authentication cookies (customize for your site!)
auth_cookie_keywords = ["session", "auth", "token", "user"]

# Filter cookies
relevant_cookies = [
    cookie for cookie in all_cookies
    if any(keyword in cookie["name"].lower() for keyword in auth_cookie_keywords)
]

# Save filtered cookies to a new file (optional)
with open("filtered_auth_cookies.json", "w") as f:
    json.dump(relevant_cookies, f, indent=4)
```
Step 3: Loading Saved Cookies to Auto-Login#
Now that we have the relevant cookies, we’ll use Selenium to load them into a new browser session and auto-login.
Critical Note: Domain Compatibility#
Selenium requires the browser to be on the same domain as the cookies before adding them. If you try to add cookies for example.com while the browser is on google.com, Selenium will throw an error. Always navigate to the website’s domain first!
Example Code: Load Cookies and Auto-Login#
```python
from selenium import webdriver
from selenium.webdriver.chrome.service import Service
from webdriver_manager.chrome import ChromeDriverManager
import json

# Initialize Chrome browser
driver = webdriver.Chrome(service=Service(ChromeDriverManager().install()))

# Step 1: Navigate to the website’s domain (critical for cookie compatibility)
driver.get("https://example.com")  # Use the homepage, not the login page

# Step 2: Load filtered authentication cookies
with open("filtered_auth_cookies.json", "r") as f:
    auth_cookies = json.load(f)

# Step 3: Add cookies to the browser
for cookie in auth_cookies:
    # Selenium may reject cookies with "expires" as None (session cookies). Convert to 0 if needed.
    if cookie.get("expires") is None:
        cookie["expires"] = 0
    driver.add_cookie(cookie)

# Step 4: Refresh the page to apply cookies
driver.refresh()

# Verify auto-login (e.g., check for a "Welcome" message or user profile icon)
if "Welcome, User" in driver.page_source:
    print("Auto-login successful!")
else:
    print("Auto-login failed.")

# Keep the browser open to inspect (optional)
input("Press Enter to close the browser...")
driver.quit()
```
How It Works:#
- `driver.get("https://example.com")`: Ensures the browser is on the website’s domain before adding cookies.
- `driver.add_cookie(cookie)`: Adds each saved cookie to the browser. Selenium requires cookies to include `name`, `value`, `domain`, and `path`—these are preserved in the JSON file.
- `driver.refresh()`: Reloads the page to apply the cookies, triggering the website to recognize the authenticated session.
Common Challenges and Solutions#
Even with the right cookies, auto-login can fail. Here are fixes for common issues:
1. "Invalid Cookie Domain" Error#
Problem: Selenium throws InvalidCookieDomainException when adding cookies.
Cause: The browser isn’t on the same domain as the cookies (e.g., adding example.com cookies while on example.com/login).
Fix: Navigate to the root domain first (e.g., driver.get("https://example.com")) before adding cookies.
2. Expired Cookies#
Problem: Cookies fail to auto-login because they’ve expired.
Cause: Session cookies (no expires date) expire when the browser closes. Persistent cookies may have short lifespans.
Fix: Re-save cookies periodically (e.g., run the "save cookies" script weekly) to refresh expired ones.
3. Missing Cookie Attributes#
Problem: Selenium rejects cookies with missing domain or path.
Cause: The saved cookies in auth_cookies.json may lack critical attributes (e.g., domain).
Fix: Ensure driver.get_cookies() captures all attributes. Avoid manually editing auth_cookies.json.
4. HttpOnly/Secure Cookies Not Working#
Problem: Cookies marked HttpOnly or Secure fail to load.
Cause: HttpOnly cookies are inaccessible to JavaScript but work with Selenium (since it controls the browser directly). Secure cookies require the website to use HTTPS.
Fix: Ensure the website is loaded over HTTPS (https://), and don’t modify HttpOnly/Secure flags in the JSON file.
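The expired-cookie and missing-attribute failures above, together with the Step 2 characteristics, can be checked before any cookie reaches `driver.add_cookie()`. The following is an added example, not code from the original page: `vet_cookies`, `domain_matches` and the sample data are hypothetical names and constructed values, and the keyword list is an assumption to customize per site.

```python
import time

REQUIRED_KEYS = ("name", "value", "domain", "path")
AUTH_KEYWORDS = ("session", "auth", "token")  # assumption: customize per site


def domain_matches(cookie_domain, host):
    """True if the cookie's domain is the host itself or a parent domain of it."""
    cd = cookie_domain.lstrip(".").lower()
    return host.lower() == cd or host.lower().endswith("." + cd)


def vet_cookies(cookies, host, now=None):
    """Return (loadable, rejected, weak) for a list of saved cookie dicts."""
    now = time.time() if now is None else now
    loadable, rejected, weak = [], [], []
    for c in cookies:
        name = c.get("name") or "<unnamed>"
        missing = [k for k in REQUIRED_KEYS if not c.get(k)]
        # Selenium's get_cookies() uses "expiry"; the sample file uses "expires".
        expiry = c.get("expiry", c.get("expires"))
        if missing:
            rejected.append((name, "missing " + ",".join(missing)))
        elif not any(k in name.lower() for k in AUTH_KEYWORDS):
            rejected.append((name, "not an auth cookie"))
        elif not domain_matches(c["domain"], host):
            rejected.append((name, "domain mismatch"))
        elif expiry is not None and expiry <= now:
            rejected.append((name, "expired"))
        else:
            loadable.append(c)
            if not (c.get("secure") and c.get("httpOnly")):
                weak.append(name)  # loadable, but lacks Secure or HttpOnly
    return loadable, rejected, weak


# Constructed sample data (not real cookies).
SAMPLE = [
    {"name": "sessionid", "value": "abc", "domain": ".example.com", "path": "/",
     "expiry": 1717267200, "secure": True, "httpOnly": True},
    {"name": "auth_token", "value": "def", "domain": "example.com", "path": "/",
     "expiry": 1600000000, "secure": True, "httpOnly": True},
    {"name": "analytics_id", "value": "x", "domain": "example.com", "path": "/"},
    {"name": "user_session", "value": "ghi", "path": "/", "secure": True},
    {"name": "token_legacy", "value": "jkl", "domain": "example.com", "path": "/",
     "secure": False, "httpOnly": True},
]

if __name__ == "__main__":
    ok, bad, weak = vet_cookies(SAMPLE, "www.example.com", now=1700000000)
    print([c["name"] for c in ok], bad, weak)
```

The rejection reasons tell you whether to re-run the save script (expired) or re-capture the file (missing attributes) instead of debugging a silent login failure.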
Security Best Practices#
Cookies contain sensitive session data—handle them carefully:
- Avoid Plain-Text Storage: Storing cookies in unencrypted JSON files risks exposure. Use encrypted storage (e.g., `cryptography` library) for sensitive sites.
- Respect Website Terms of Service: Auto-login may violate a site’s `robots.txt` or terms of service (e.g., scraping protected data). Always check legal guidelines.
- Limit Cookie Lifespan: Use session cookies (no expiration) instead of persistent cookies for short-term automation to reduce exposure if cookies are leaked.
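The save script in Step 1 writes `auth_cookies.json` with default file permissions, so other local accounts may be able to read a live session. As an added example (not from the original page), the helpers below create the file owner-only and refuse to load one that other users can access; this complements the encryption recommended above rather than replacing it. The function names are hypothetical and the code assumes a POSIX system.

```python
import json
import os
import stat


def save_cookies_private(cookies, path):
    """Write cookies as JSON to a file only the owner can read or write (0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        # The mode passed to os.open() is masked by umask and ignored for a
        # file that already exists, so set the permissions explicitly.
        os.fchmod(f.fileno(), 0o600)
        json.dump(cookies, f, indent=4)


def load_cookies_private(path):
    """Load cookies, refusing files that group or other users can access."""
    st = os.stat(path)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(
            f"{path} is accessible to other users: {stat.filemode(st.st_mode)}"
        )
    if st.st_uid != os.getuid():
        raise PermissionError(f"{path} is not owned by the current user")
    with open(path) as f:
        return json.load(f)
```

Swap these in for the plain `open()` calls in the save and load scripts; a `PermissionError` on load means the file's permissions changed after it was written.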
Conclusion#
Auto-login with cookies and Selenium is a powerful way to automate website access. By following these steps—saving cookies after manual login, filtering for authentication-related cookies, and loading them correctly—you can bypass manual login steps and streamline workflows.
Remember: the key is to identify critical cookies (session IDs, tokens) and ensure they’re loaded with the correct domain/path. With this approach, you’ll save time and reduce errors in your automation scripts.