Did you ever have trouble with .ROBLOSECURITY cookies expiring? This can occur if a cookie is inactive, essentially leaving you with no way of knowing how long your current cookie will be valid. The Cookie Reload system provided will allow you to never worry about cookies expiring.
This system is inspired by Brooke’s (grilme99) Javascript Cookie Pool System, just written fully in Python.
Please note:
- You should only use this on bot accounts, as this will reset any existing cookies, inevitably logging all sessions out.
- This only works on active cookies, as it’s impossible to get the X-CSRF-Token (which is required for this system to work) from an invalid/expired cookie. You must have a valid cookie before implementing this system into your projects.
- This tutorial does not explain on how to set up a task to automatically refresh the cookie.
The system uses the https://auth.roblox.com/v2/logout
to get the X-CSRF-Token and the https://www.roblox.com/authentication/signoutfromallsessionsandreauthenticate
API endpoint to refresh the cookie.
Base code
# Importing the required modules for this system to work
import re, requests
# Getting the X-CSRF-Token using the existing cookie
cookie = "_|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|_A1B2C3D4E50000000"
xcsrfurl = "https://auth.roblox.com/v2/logout"
xsrfRequest = requests.post(xcsrfurl,
cookies={
'.ROBLOSECURITY': cookie
})
try: # Tries to get the X-CSRF-Token, will raise an Exception if it fails
XCSRFTOKEN = xsrfRequest.headers["x-csrf-token"]
except:
raise Exception()
# Creating a new cookie using the previous cookie and the newly generated X-CSRF-Token
reauthcookieurl = "https://www.roblox.com/authentication/signoutfromallsessionsandreauthenticate"
data = requests.post(reauthcookieurl,
cookies={
'.ROBLOSECURITY': cookie
},
headers={
'X-CSRF-TOKEN': XCSRFTOKEN
})
setcookie = data.headers['set-cookie'] # Gets the headers of the response from the cookie reload
# Getting the data between '.ROBLOSECURITY=' and '; domain=.roblox.com;` (which leaves us with the new cookie as ROBLOSECURITY)
ROBLOSECURITY = (re.search('.ROBLOSECURITY=(.+?); domain=.roblox.com;', setcookie)).group(1)
The base code above will provide you with a new .ROBLOSECURITY cookie (with the ROBLOSECURITY variable). All it needs is the previous cookie which will create a new one.
The base code is inefficient, since you need to modify the code each time in order to provide the new cookie. You can simplify this by using configparser
, a built-in Python module.
You must have an existing configparser file called db.ini created. Here is what it should look like:
db.ini example file
[roblox]
cookie = _|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|_A1B2C3D4E500000...
Code with configparser module
# Importing the required modules for this system to work
import re, requests, configparser
# Reading the current cookie from db.ini using configparser
config = configparser.ConfigParser()
config.read('db.ini')
cookie = config["roblox"]["cookie"]
# Getting the X-CSRF-Token using the existing cookie
xcsrfurl = "https://auth.roblox.com/v2/logout"
xsrfRequest = requests.post(xcsrfurl,
cookies={
'.ROBLOSECURITY': cookie
})
try: # Tries to get the X-CSRF-Token, will raise an Exception if it fails
XCSRFTOKEN = xsrfRequest.headers["x-csrf-token"]
except:
raise Exception()
# Creating a new cookie using the previous cookie and the newly generated X-CSRF-Token
reauthcookieurl = "https://www.roblox.com/authentication/signoutfromallsessionsandreauthenticate"
data = requests.post(reauthcookieurl,
cookies={
'.ROBLOSECURITY': cookie
},
headers={
'X-CSRF-TOKEN': XCSRFTOKEN
})
setcookie = data.headers['set-cookie'] # Gets the headers of the response from the cookie reload
# Getting the data between '.ROBLOSECURITY=' and '; domain=.roblox.com;` (which leaves us with the new cookie as ROBLOSECURITY)
ROBLOSECURITY = (re.search('.ROBLOSECURITY=(.+?); domain=.roblox.com;', setcookie)).group(1)
# Saving the new cookie in the db.ini config file
config['roblox']['cookie'] = ROBLOSECURITY
with open('db.ini', 'w') as configfile:
config.write(configfile)
I hope this will help you out! Please leave any suggestions, opinions or bug reports in the comments