Skip to content

SOP 005: Reuse Auth Context

Fresh
FieldValue
SOP IDSOP-005
Version1.0
StatusActive
SourceSteel Auth Context Docs

Overview

Capture and transfer browser state (cookies, local storage) between sessions to maintain authenticated states without re-login.

Prerequisites

  • Steel API key
  • steel-sdk installed
  • Target site uses cookie or JWT-based authentication

Auth Reuse Flow

Procedure

Step 1: Create Initial Session and Authenticate

typescript
import Steel from 'steel-sdk';
import { chromium } from 'playwright';

const client = new Steel({
  steelAPIKey: process.env.STEEL_API_KEY,
});

// Create session
const session = await client.sessions.create();

// Connect and login
const browser = await chromium.connectOverCDP(
  `wss://connect.steel.dev?apiKey=${process.env.STEEL_API_KEY}&sessionId=${session.id}`
);

const page = browser.contexts()[0].pages()[0];
await page.goto('https://app.example.com/login');
await page.fill('input[name="username"]', 'user@example.com');
await page.fill('input[name="password"]', 'password');
await page.click('button[type="submit"]');

Step 2: Capture Session Context

typescript
// IMPORTANT: Capture BEFORE releasing the session
const sessionContext = await client.sessions.context(session.id);

Capture Before Release

Context can only be captured from live sessions. Always grab the context object before releasing.

Step 3: Release First Session

typescript
await browser.close();
await client.sessions.release(session.id);

Step 4: Create New Authenticated Session

typescript
const newSession = await client.sessions.create({ sessionContext });

// Connect - already authenticated!
const newBrowser = await chromium.connectOverCDP(
  `wss://connect.steel.dev?apiKey=${process.env.STEEL_API_KEY}&sessionId=${newSession.id}`
);

const newPage = newBrowser.contexts()[0].pages()[0];
await newPage.goto('https://app.example.com/dashboard');
// Already logged in!

Important Considerations

  • Cookie/JWT auth only - Does not work with session-based auth that validates server-side
  • Save last URL - Store the last visited URL alongside context for browsing continuity
  • Treat as sensitive - Session contexts contain auth tokens; handle securely
  • Refresh regularly - Sessions expire; periodically re-authenticate

Consider Profiles API

For a more robust solution, use the Profiles API which persists the complete browser profile including cookies, extensions, and settings.

Verification Checklist

  • [ ] Initial session authenticated successfully
  • [ ] Context captured before session release
  • [ ] New session created with captured context
  • [ ] Protected pages accessible without re-login
  • [ ] Context stored securely

See Also

SOP Documentation Hub - Built from Steel.dev Official Docs