Cookie Pool System

Resources Community Resources
#1

back on the grind

Ever found yourself working with bot account cookies that expire unexpectedly - preventing your entire app from working? Let’s face it - working with cookies is annoying and difficult.

My cookie pool system stops this issue. First, a Cookie Pool is a “pool” of cookies. This means that you have a large, unordered list of cookies. When you need to use one, you can select one at random in your application.

This uses the signoutfromallsessionsandreauthenticate API to refresh a cookie. I’ve seen lots of people who want to see this released and I decided to release the part that actually lets you refresh the cookie. The other bit (cron job that loops through all the cookies to refresh them) isn’t included here because it is far too built into my current project.

To use this in production, you should setup a cron job on your server (or use some sort of cloud system that runs the code every x time). I run it every 3 hours. You should loop through all the cookies in the pool. Refresh each one and overwrite the old one with the new one.

I have to give credit where credit is due, part of the code is taken from noblox.js!
(I will upload to NPM later today)

Code

relog.js (The forum doesn’t like syntax highlighting on this one for some reason :sob:)

/**
 * Module used to reload a cookie
 */

const request = require('request-promise')
const getVerificationInputs = require('./getVerificationInputs').func

module.exports = {
	/**
	 * Get the RequestVerificationToken
	 *
	 * @param {string} Cookie
	 */
	getVerification: cookie => {
		return new Promise((resolve, reject) => {
			return request({
				url: 'https://www.roblox.com/my/account#!/security',
				resolveWithFullResponse: true,
				headers: {
					cookie: `.ROBLOSECURITY=${cookie}`
				}
			}).then(res => {
				const inputs = getVerificationInputs({ html: res.body })
				var match

				if (res.headers && res.headers['set-cookie']) {
					match = res.headers['set-cookie']
						.toString()
						.match(/__RequestVerificationToken=(.*?);/)
				}

				resolve({
					inputs: inputs,
					header: match && match[1]
				})
			})
		})
	},

	/**
	 * Get the general token
	 *
	 * @param {string} Cookie
	 */
	getGeneralToken: async cookie => {
		return new Promise((resolve, reject) => {
			return request({
				// This will never actually sign you out because an X-CSRF-TOKEN isn't provided, only received
				url: 'https://api.roblox.com/sign-out/v1', // REQUIRES https. Thanks for letting me know, ROBLOX...
				resolveWithFullResponse: true,
				method: 'POST',
				headers: {
					cookie: `.ROBLOSECURITY=${cookie}`
				}
			}).catch(res => {
				var xcsrf = res.response.headers['x-csrf-token']
				if (xcsrf) {
					resolve(xcsrf)
				} else {
					reject('Did not receive X-CSRF-TOKEN')
				}
			})
		})
	},

	/**
	 * Reload a cookie
	 *
	 * @param {string} Cookie
	 */
	relog: cookie => {
		return new Promise(async (resolve, reject) => {
			if (!cookie) reject('no cookie supplied?')

			// Get verification token
			const verificationToken = await module.exports.getVerification(
				cookie
			)

			if (!verificationToken.header) return reject('Bad cookie')

			// Get general token
			const generalToken = await module.exports.getGeneralToken(cookie)
			// Refresh the token
			return request({
				url:
					'https://www.roblox.com/authentication/signoutfromallsessionsandreauthenticate',
				method: 'POST',
				resolveWithFullResponse: true,
				headers: {
					'X-CSRF-TOKEN': generalToken,
					cookie: `.ROBLOSECURITY=${cookie}`
				},
				form: {
					__RequestVerificationToken:
						verificationToken.inputs.__RequestVerificationToken
				}
			})
				.then(res => {
					const cookies = res.headers['set-cookie']

					if (cookies) {
						const newCookie = cookies
							.toString()
							.match(/\.ROBLOSECURITY=(.*?);/)[1]

						resolve(newCookie)
					} else {
						reject('Bad Roblox response')
					}
				})
				.catch(() => {
					reject('Bad Roblox response')
				})
		})
	}
}

getVerificationInputs.js (This is all taken from noblox)

// Dependencies
var parser = require('cheerio')

// Define
exports.func = function(args) {
	var $ = args.selector
	if (!$) {
		$ = parser.load(args.html)
	}
	var inputs = {}
	var find = [
		'__VIEWSTATE',
		'__VIEWSTATEGENERATOR',
		'__EVENTVALIDATION',
		'__RequestVerificationToken'
	]
	for (var i = 0; i < find.length; i++) {
		var get = find[i]
		inputs[get] = $('input[name=' + get + ']').val()
	}
	return inputs
}

Please let me know if you have any issue, questions or improvements!
What shall I release next?

52 Likes
Ranking Bot Goes Down After 24 Hours
Update cookie automatically?
How to Create a Rank Management System using Glitch
Roblox API Authentication issues
Python Roblox web API Cookie Reload System
How to Create a Rank Management System using Glitch
How to Create a Rank Management System using Glitch
[Node.js] rbxwebhook.js - simple node and Roblox event communication
How to Create a Rank Management System using Glitch
#2

Nice one.
Release Next: Devable with VSC
With the pool of cookies, what happens if one of the cookies are expired?

3 Likes
#3

Well the whole point is they won’t. If you’re refreshing every 3 hours like me it’s pretty much impossible for them to.

1 Like
#4

For some reason I thought this was a cooking system and was almost excited lol
Also for some reason I don’t know what this is

Anyway, thanks for this, though I have no experience in bots. Would you tell me how this can be used to make my games efficient. Ty

2 Likes
#5

It’s not for making games efficient. It’s for things on external servers. If you don’t have any experience with bots I don’t think you’ll have a real use for this.

2 Likes
#6

Nice! Might be able to apply this to something but we’ll see! Looks amazing.

2 Likes
#7

Thanks! I’m so ready for an npm module for this! Your projects are so good and I can’t wait to have an efficient bot that doesn’t expire

1 Like
#8

image
:eyes:

1 Like
#9

Yeah I never got around to it :joy:

If you really need it as an NPM package I might be able to upload soon?

#10

Yes. Please. I would need it as NPM package.

1 Like
#11

Didn’t notice this post until now.

This is actually pretty useful. Thanks!

(NPM when?)

1 Like
#12

Does relog.js automatically get the unordered cookies?

1 Like
#13

Does this work with glitch? It doesn’t seem to be working for me and I can’t tell if its me or glitch. Would a VPS be recommended because I currently am on a budget (of 0 lol)

1 Like
#14

You edit the source code of noblox package not implement it into your script (i think), Also glitch isnt ideal to use for Bots like these since they like to regen them alot, Invest into a VPS or somelike like that.

2 Likes
#15

As far as I know it should work with Glitch. However, Glitch doesn’t support Cron Jobs so this entire idea won’t work on there. You should invest in a cheap VPS.

2 Likes
#16

FYI request (including request-promise) has been deprecated. May be worth switching to something like axios.

1 Like
#17

Do we have to be signed in as the account your getting the cookie in. Im mean like do we have to be signed in as the account we are getting the cookie from 24/7?

#18

Clicking Log Out will invalidate the cookie. You can clear your cookies or use incognito to ‘sign out’ without invalidating the cookie.

#19

So your saying i can just use incognito to sign in with the bot account and leave the project running on there?

#20

What i was saying in my first comment was, do i need to be signed in as the bot account all the time to ge the cookie?