SOP 005: Reuse Auth Context
Fresh| Field | Value |
|---|---|
| SOP ID | SOP-005 |
| Version | 1.0 |
| Status | Active |
| Source | Steel Auth Context Docs |
Overview
Capture and transfer browser state (cookies, local storage) between sessions to maintain authenticated states without re-login.
Prerequisites
- Steel API key
steel-sdkinstalled- Target site uses cookie or JWT-based authentication
Auth Reuse Flow
Procedure
Step 1: Create Initial Session and Authenticate
typescript
import Steel from 'steel-sdk';
import { chromium } from 'playwright';
const client = new Steel({
steelAPIKey: process.env.STEEL_API_KEY,
});
// Create session
const session = await client.sessions.create();
// Connect and login
const browser = await chromium.connectOverCDP(
`wss://connect.steel.dev?apiKey=${process.env.STEEL_API_KEY}&sessionId=${session.id}`
);
const page = browser.contexts()[0].pages()[0];
await page.goto('https://app.example.com/login');
await page.fill('input[name="username"]', 'user@example.com');
await page.fill('input[name="password"]', 'password');
await page.click('button[type="submit"]');Step 2: Capture Session Context
typescript
// IMPORTANT: Capture BEFORE releasing the session
const sessionContext = await client.sessions.context(session.id);Capture Before Release
Context can only be captured from live sessions. Always grab the context object before releasing.
Step 3: Release First Session
typescript
await browser.close();
await client.sessions.release(session.id);Step 4: Create New Authenticated Session
typescript
const newSession = await client.sessions.create({ sessionContext });
// Connect - already authenticated!
const newBrowser = await chromium.connectOverCDP(
`wss://connect.steel.dev?apiKey=${process.env.STEEL_API_KEY}&sessionId=${newSession.id}`
);
const newPage = newBrowser.contexts()[0].pages()[0];
await newPage.goto('https://app.example.com/dashboard');
// Already logged in!Important Considerations
- Cookie/JWT auth only - Does not work with session-based auth that validates server-side
- Save last URL - Store the last visited URL alongside context for browsing continuity
- Treat as sensitive - Session contexts contain auth tokens; handle securely
- Refresh regularly - Sessions expire; periodically re-authenticate
Consider Profiles API
For a more robust solution, use the Profiles API which persists the complete browser profile including cookies, extensions, and settings.
Verification Checklist
- [ ] Initial session authenticated successfully
- [ ] Context captured before session release
- [ ] New session created with captured context
- [ ] Protected pages accessible without re-login
- [ ] Context stored securely