This document describes the cookie and HAR (HTTP Archive) file management system in g4f, which provides authentication credentials to provider implementations. The system supports multiple cookie sources including HAR files, JSON exports, and direct browser extraction. For authentication flows and provider-specific authentication patterns, see 9.1 Authentication Overview and 9.4 Provider-Specific Auth Patterns. For browser automation used to obtain cookies interactively, see 9.3 Browser Automation.
The cookie management system maintains an in-memory cache of cookies organized by domain, with support for persistent storage via HAR and JSON files.
Sources: g4f/cookies.py46-48 g4f/cookies.py79-88 g4f/cookies.py181-227
The CookiesConfig class provides centralized cookie storage with domain-based organization:
| Attribute | Type | Description |
|---|---|---|
cookies | Dict[str, Cookies] | In-memory cookie cache by domain |
cookies_dir | str | Directory path for HAR/JSON files |
The cookies dictionary maps domain names to cookie dictionaries (name → value pairs). Supported domains are defined in g4f/cookies.py61-73:
.bing.com, .meta.ai, .google.com, www.whiterabbitneo.com, huggingface.co,
.huggingface.co, chat.reka.ai, chatgpt.com, .cerebras.ai, github.com, yupp.ai
Sources: g4f/cookies.py46-48 g4f/cookies.py61-73
Sources: g4f/cookies.py79-88 g4f/cookies.py99-126 g4f/cookies.py181-227
The get_cookies() function implements a priority system:
browser_cookie3 g4f/cookies.py85The cache_result parameter controls whether cookies are cached in memory. Set to False for temporary cookie loading g4f/cookies.py79-80
Sources: g4f/cookies.py79-88
HAR (HTTP Archive) files capture complete HTTP sessions including cookies, headers, and tokens. The system parses HAR files to extract authentication credentials.
The _parse_har_file() function extracts cookies organized by domain g4f/cookies.py137-161:
Sources: g4f/cookies.py137-161
For each HAR entry, the domain is detected by:
host or :authority headers g4f/cookies.py146-150DOMAINS list g4f/cookies.py151Sources: g4f/cookies.py145-151
Different providers require different tokens from HAR files. The OpenAI provider uses specialized parsing g4f/Provider/openai/har_file.py61-92:
| Provider | HAR Parser | Extracted Data |
|---|---|---|
| OpenAI | readHAR() in har_file.py | access_token, proof_token, turnstile_token, arkose_request |
| Copilot | readHAR() in Copilot.py | authorization, x-useridentitytype, cookies |
| MicrosoftDesigner | readHAR() in MicrosoftDesigner.py | authorization, user-agent |
Sources: g4f/Provider/openai/har_file.py61-92 g4f/Provider/Copilot.py393-416 g4f/Provider/needs_auth/MicrosoftDesigner.py123-143
The RequestConfig class stores parsed HAR data for OpenAI authentication g4f/Provider/openai/har_file.py28-36:
| Attribute | Type | Purpose |
|---|---|---|
cookies | dict | Session cookies |
headers | dict | Request headers |
access_token | str | Bearer token extracted from response |
proof_token | list | Proof-of-work token (base64 decoded) |
turnstile_token | str | Cloudflare Turnstile token |
arkose_request | arkReq | Arkose challenge data |
arkose_token | str | Generated Arkose token |
Sources: g4f/Provider/openai/har_file.py28-36 g4f/Provider/openai/har_file.py61-92
The parseHAREntry() function processes Arkose challenge requests g4f/Provider/openai/har_file.py97-110:
bda parameter from POST datadecrypt(bda, userAgent + x-ark-esync-value)arkReq.arkBxSources: g4f/Provider/openai/har_file.py97-110
Proof tokens are extracted from openai-sentinel-proof-token headers g4f/Provider/openai/har_file.py81-85:
gAAAAAB prefix)RequestConfig.proof_tokenSources: g4f/Provider/openai/har_file.py81-85
JSON cookie files provide a simple export format for browser cookies. The _parse_json_cookie_file() function parses these files g4f/cookies.py164-178:
The parser groups cookies by domain and stores them in the same structure as HAR-parsed cookies g4f/cookies.py174-175
Sources: g4f/cookies.py164-178
The browser_cookie3 library extracts cookies from installed browsers' local storage. Supported browsers g4f/cookies.py31-35:
g4f (nodriver user data), firefox, chrome, chromium, opera, opera_gx,
brave, edge, vivaldi
A custom browser function targets the g4f nodriver user data directory g4f/cookies.py21-29:
This allows reading cookies from browser automation sessions initiated by the g4f system.
Sources: g4f/cookies.py21-29
The load_cookies_from_browsers() function iterates through browser functions g4f/cookies.py99-126:
Sources: g4f/cookies.py99-126
On Linux systems without a D-Bus session, the password manager is overridden to avoid keyring prompts g4f/cookies.py75-76:
Sources: g4f/cookies.py75-76
The cookie system organizes files in a dedicated directory structure:
har_and_cookies/ (or custom directory)
├── .env # Environment variables
├── *.har # HAR archive files
├── *.json # JSON cookie exports
├── auth_Gemini.json # Gemini rotated cookies
└── .nodriver_is_open # Browser lock file
The default directory is determined by g4f/cookies.py48:
CUSTOM_COOKIES_DIR if it exists, otherwiseCOOKIES_DIR from config (typically ./har_and_cookies/)Sources: g4f/cookies.py48 g4f/config.py (implied)
The read_cookie_files() function scans the cookies directory g4f/cookies.py205-212:
Note: Only the top level is scanned; subdirectories are ignored.
Sources: g4f/cookies.py205-212
The FastAPI server provides an endpoint for uploading cookie files at runtime g4f/api/__init__.py725-744:
Request:
multipart/form-data.har or .json filesProcess:
get_cookies_dir() g4f/api/__init__.py738-739read_cookie_files() to reload cache g4f/api/__init__.py743Response:
Sources: g4f/api/__init__.py725-744
Some providers implement automatic cookie rotation to maintain valid sessions.
Gemini implements automatic cookie refresh every 15 minutes g4f/Provider/needs_auth/Gemini.py103-147:
Sources: g4f/Provider/needs_auth/Gemini.py103-147 g4f/Provider/needs_auth/Gemini.py479-508
The rotate_1psidts() function g4f/Provider/needs_auth/Gemini.py479-508:
auth_Gemini.json was modified within 60 seconds g4f/Provider/needs_auth/Gemini.py486ROTATE_COOKIES_URL g4f/Provider/needs_auth/Gemini.py488-494__Secure-1PSIDTS from response g4f/Provider/needs_auth/Gemini.py501auth_Gemini.json g4f/Provider/needs_auth/Gemini.py502-506Sources: g4f/Provider/needs_auth/Gemini.py479-508
Each unique __Secure-1PSID cookie gets its own rotation task g4f/Provider/needs_auth/Gemini.py201-206:
This prevents duplicate rotation tasks for the same session.
Sources: g4f/Provider/needs_auth/Gemini.py201-206
The read_cookie_files() function loads environment variables from .env g4f/cookies.py191-196:
| Variable | Type | Purpose |
|---|---|---|
G4F_BROWSER_PORT | int | Remote Chrome DevTools port |
G4F_BROWSER_HOST | str | Remote Chrome host (default: 127.0.0.1) |
G4F_BROWSER_IMPERSONATE | str | Browser impersonation mode |
These are stored in BrowserConfig g4f/cookies.py198-203:
Sources: g4f/cookies.py191-203 g4f/cookies.py50-59
The FastAPI application loads cookies at startup via the lifespan context manager g4f/api/__init__.py94-102:
The ignore_cookie_files flag allows disabling automatic cookie loading g4f/api/__init__.py97
Sources: g4f/api/__init__.py94-102 g4f/api/__init__.py180
Add or remove cookies from the cache g4f/cookies.py91-96:
set_cookies("chatgpt.com", {"session": "value"})set_cookies("chatgpt.com", None) or set_cookies("chatgpt.com")Sources: g4f/cookies.py91-96
Change the directory for HAR/JSON file discovery g4f/cookies.py129-130
Sources: g4f/cookies.py129-130
The OpenAI HAR module provides utility functions:
Returns a list of HAR file paths sorted by modification time (oldest first) g4f/Provider/openai/har_file.py47-59:
Sources: g4f/Provider/openai/har_file.py47-59
Extracts headers from a HAR entry, excluding content-length, cookie, and headers starting with : g4f/Provider/openai/har_file.py94-95:
Sources: g4f/Provider/openai/har_file.py94-95
The cookie system raises specific exceptions:
| Exception | Condition | File |
|---|---|---|
NoValidHarFileError | No HAR files found | g4f/Provider/openai/har_file.py49 |
NoValidHarFileError | No cookies in HAR | g4f/Provider/Copilot.py414 |
NoValidHarFileError | No access token in HAR | g4f/Provider/needs_auth/MicrosoftDesigner.py141 |
MissingRequirementsError | browser_cookie3 not installed | g4f/cookies.py105 |
MissingAuthError | Invalid cookies during rotation | g4f/Provider/needs_auth/Gemini.py497 |
Sources: g4f/Provider/openai/har_file.py49 g4f/Provider/Copilot.py414 g4f/Provider/needs_auth/MicrosoftDesigner.py141 g4f/cookies.py105 g4f/Provider/needs_auth/Gemini.py497
Providers access cookies through the standard interface:
Sources: g4f/Provider/needs_auth/OpenaiChat.py g4f/Provider/needs_auth/Gemini.py g4f/Provider/Copilot.py
The OpenaiChat provider uses HAR files for comprehensive authentication g4f/Provider/needs_auth/OpenaiChat.py118-136:
get_request_config()RequestConfig (access_token, proof_token, arkose_token)RequestConfig.cookiesSources: g4f/Provider/needs_auth/OpenaiChat.py118-136 g4f/Provider/openai/har_file.py156-162
Gemini loads cookies and extracts the SNlM0e token g4f/Provider/needs_auth/Gemini.py177-200:
get_cookies(GOOGLE_COOKIE_DOMAIN) g4f/Provider/needs_auth/Gemini.py177r'SNlM0e\":\"(.*?)\"' g4f/Provider/needs_auth/Gemini.py426-428Sources: g4f/Provider/needs_auth/Gemini.py177-200 g4f/Provider/needs_auth/Gemini.py420-437
Refresh this wiki