[SOLVED] Copy a cookie from machine to another (solved)

[Perene]

I have a few Google accounts that I only used for Drive storage (free 15 GB each one). The problem with not using often is the fact these accounts have no cellphone in them so sometimes Google doesn't ask what the recovery email is to allow me to regain access to the account.

It will ask for a random phone number, to send a SMS and verify (but the problem with that is this: a single number is limited to a few accounts). Multiple uses will lock said account perhaps for WEEKS.

In Google's world if you erase cookies/temp files and/or switch device, browser, IP (mine is dynamic and changes every X days) then something is wrong and the "device" was not recognized.

*
So I had an idea:

- Apparently Google's cookies expire 2 years after creation date. So if I am logged into my account now, if I don't erase the cookies it will not log me out during that time.

If that's the case then I simply would need to copy the Google related cookies and paste them in the browser's folder again.

That would mean that even if I switch machine (both being PCs), operational system, IP, etc. the cookies themselves would keep me logged into that account.

Is this idea going to work? If it will, then how do I copy these cookies? And where they should be inserted (which folder?) Currently I am using OPERA. Edge and Firefox are also installed.

 

[USAFRet]

I'm fairly certain that would not work.

If it would, then if I wanted to impersonate you...all I'd have to do is find the relevant cookie and copy it to my system.

 

[hang-the-9]

I have a few Google accounts that I only used for Drive storage (free 15 GB each one). The problem with not using often is the fact these accounts have no cellphone in them so sometimes Google doesn't ask what the recovery email is to allow me to regain access to the account.

It will ask for a random phone number, to send a SMS and verify (but the problem with that is this: a single number is limited to a few accounts). Multiple uses will lock said account perhaps for WEEKS.

In Google's world if you erase cookies/temp files and/or switch device, browser, IP (mine is dynamic and changes every X days) then something is wrong and the "device" was not recognized.

*
So I had an idea:

- Apparently Google's cookies expire 2 years after creation date. So if I am logged into my account now, if I don't erase the cookies it will not log me out during that time.

If that's the case then I simply would need to copy the Google related cookies and paste them in the browser's folder again.

That would mean that even if I switch machine (both being PCs), operational system, IP, etc. the cookies themselves would keep me logged into that account.

Is this idea going to work? If it will, then how do I copy these cookies? And where they should be inserted (which folder?) Currently I am using OPERA. Edge and Firefox are also installed.

Simple fix, note down the password to those accounts so you don't put in the wrong passwords to need recovery on a notebook in your house. Chances of someone robbing the house and stealing those PW is pretty much 0.

 

[Perene]

Simple fix, note down the password to those accounts so you don't put in the wrong passwords to need recovery on a notebook in your house. Chances of someone robbing the house and stealing those PW is pretty much 0.

All the account names, passwords and personal data is written in a password-protected file. That's not the issue.

The problem with Google is that if you don't log into the account often then if you do again with:

• Same or different browser
• Same ISP and location (but not same IP, since it's dynamic)
• Same password correctly inserted

They will suddenly ask what the recovery email IS. Then for a few accounts they skip that crucial question and say "the device isn't recognized, so in order for you to access that account please inform a random cell phone number, so we can send you a SMS, then you insert the code here, hit OK, and access that account again".

Please note none of my Google accounts have ANY cellphone number inside them, informed for the recovery process.

Reasons for that:

• If you don't PAY the ISP then the line will get canceled.
• I probably can't inform the same number for more than 3, 4 accounts. Google will reject that idea.

Now, can you guess what will happen if you have 3, 4 accounts locked and asking for:

****
Then for a few accounts they skip that crucial question and say "the device isn't recognized, so in order for you to access that account again please inform a random cell phone number, so we can send you a SMS, then you insert the code here, hit OK, and access that account again".
*

Answer: the system will lock the account completely.

Why?

Because you will not be able to reutilize the same number over and over.

It will not ask what the recovery email is, and it will block the account, forcing you to wait weeks to use it again, because you can't verify with a random number and SMS code.

I know this is totally stupid, but it's how Google operates. They should only ask what my recovery email is. But they are not doing that for a few random accounts.

And there's another problem with all my multiple accounts:

- I am used to erase cookies/temp files from ALL my browsers, from time to time.

Google doesn't like that. It's probably why their cookies expire 2 years later.

That's why I asked here if simply copying the cookies for each account would guarantee I don't face these issues again.

And if I would stay logged.

Also, another problem is that after June 2021 if you don't log into the account every 2 years, all data may be REMOVED after that period of inactivity.

Since I don't log into ALL my accounts often, I wrote in that password-protected file when to return to them again. Which will be 1 year and 10 months after last login.

I am leaving 2 months to fix any locking of these accounts if I can't find a way to prevent them from happening.

 

[Ralston18]

In agreement with the preceding responses.

I have some financial accounts that now absolutely insist on requiring me to accept via a mobile phone a messaged confirmation code before I can access some given account.

Although it does appear that I can set some sort of "trust this PC" control but that only lasts for a limited amount of time.

Normally I would get confirmation codes via email or even a voice message (landline). Neither are considered secure or "proof of identity".

One such account cited IRS and NIST requirements that became effective over the last year or so.

E-mail accounts can live on multiple devices. However a mobile phone number can only be associated with one mobile phone. Theoretically the phone in your hand.

However a couple of my accounts still use email confirmation. Some accounts allow me to choose the means of confirmation. Including all the "secret" answers, etc..

Probably going to change soon - June 2021?

At least once a year I am prompted in some manner to change passwords and/or make other security related changes or confirmations. Or randomly (?) I get asked to provide those answers again.

[Had lots of "fun" with one account that wanted to send a confirmation code to my mobile phone but I could not get into the account to provide a mobile phone number because I could not provide a conformation number. Classic Catch-22. Finally got to a support person who understood the problem, was able toconfirm my identify, and then added the mobile phone number to the account information. ]

Anyway as stated, if what you would like to do worked then the bad guys have an "automatic" way to perhaps get into your accounts. Malware designed to harvest cookies....

So, copying cookies is probably not going to work and even in some places where that may/might still work - expect it to change.

Do not try to work around the "issues". Learn how it all works and proceed accordingly. That will be much more secure than trying to game the security measures.

Plus in this day and age there is more than enough justification (and I will suggest a requirement) to personally keep checking one's accounts on frequent basis.

Hopefully you might get some sort of "did you change X" message or email if the account is altered. I would not depend or rely on that either....

 

[Perene]

I was able to find a Firefox extension that can indeed save cookies and restore them once they are all erased after exiting the browser.

https://github.com/ysard/cookie-quick-manager

It saves as a .JSON file. So what I need to do is log into a Google account, select all cookies (option: SAVE ALL TO FILE) and then export. To import I need to use the option RESTORE COOKIES FROM FILE.

I read this link about copying a cookie from a machine to another: https://superuser.com/questions/186...om-one-browser-to-another-or-same-browser-fro

But the Chrome (or Chromium) extension didn't work (Cookie Editor), when I tried to use it.

So far importing the JSON file was able to restore the session from the Google account I was logged when saved.

**
About Google's issues, unfortunately they don't care about fixing these bugs.

I had a similar problem with a defunct phone number (another reason I don't like to use a phone number for the recovery process), because Google skipped the recovery email question and insisted in verifying my account sending a SMS. Believe me when I say it took me a month (yes, a MONTH!) to regain access to these accounts again.

So here's the takeaway from these experiences:

- Google servers freak out and treat you as a hacker/someone trying to steal the account, if you don't use enough. When I say use enough is log frequently, often.

- If you create a Google account, then erase all cokies, and months later return to it Google will say you are logging from an unknown device.

It doesn't matter if:

1) Our ISP is dynamic, so it may be the case that our IP changes every 2, 3 days;

2) We change the browser

3) We change the device used for login;

4) We erase all cokies/temporary files

5) We even change our ISP and location (our city, state, country...). Also note that dynamic IPs often point to another near location from the same state, so one day you might be using this IP: 1.2.3.4 from Manhattan, New York, and days later using 1.5.3.2 from Queens. That doesn't matter, yet Google think it does...

So, what Google should do?

• Ask what the recovery email is.
• Ask to send a SMS code only if (again: only if) you created your Google account providing a cellphone number. Google allows us to remove and not configure ANY NUMBER for it.
• Ask the last password we remember.

What is in fact happening?

Google is locking users out of their accounts all of sudden, and for no reason at all, asking a random phone number to send a SMS code to verify.

If you happen to have 3, 4, 5 accounts, the same number can't be used again and again.

I am not wasting more time trying to explain these imbeciles all these bugs, because they don't care about fixing them, and that's why their help forums are flooded. It's not because someone was indeed hacked and lost/had the account compromised. It's because Google can't stop with these antics and is more concerned about implementing infinite gender options for account creation than fixing this.

That's why if this idea of copying the current session cookies always works, then I will have guaranteed accessing these again, within the next 2 years, which is when the cookies expire. I hope they all last enough and if I try using them 1 year later they don't break.

Google practically beg us to not change items 1) through 5), especially 4).

*
Important: Google stopped asking the account creation date a while ago (month and year) to clear access to them.

 

[hang-the-9]

None of those are issues or bugs, they are created to keep from people stealing accounts and using mass accounts for spam and virus distribution. Really the only reason you are having the issue is that you are taking advantage of the free storage by making multiple accounts, which shows exactly why they have those measures in place, so their services are not abused. If a business offered a free coffee but one per customer, you are running outside, putting on a fake mustache, or glasses then going back in to get more free coffee under the guise of being someone else. The procedure is preventing the abuse of the accounts exactly like you are trying to do, or a hacker may try to do when they take over an account or make multiples for spam/virus use.

I have moved computers, and use many computers and phones many times, never had any issues with my Google logons. I have two, one I use for more secure accounts and one for general use things like forums or non-important things.