This is a question or suggestion about cookies

[steamAuto8988]

The explanation I found for cookies in the steamkit project is as follows sessionid-> Can be generated locally steamLoginSecure -> steam +'%7C%7C' + access_token

When web login，we get it refresh_token，refresh_token valid for 1 year。 we get access_token by refresh_token. access_token vaild for 1 day. Can we change the LoginExecutor.set_sessionid_cookies method for setting cookies? I'm sorry, I'm new to python and there are a lot of things that could be affected by my changes, so bring up this' problem 'or' suggestion 'in the issue?

example generateSessionID

def _random_hex_number():
    buffer = secrets.token_bytes(16)
    hexStr = ''
    for e in buffer:
        hexStr += hex(e)
    return hexStr


def _generateSessionID():
    return _random_hex_number()

example refresh accessToken

    def _refreshSession(self):
        data = {
            "refresh_token": self.refreshToken,
            "steamid": self.steamId
        }

        try:
            resp = requests.post(url='https://api.steampowered.com/IAuthenticationService/GenerateAccessTokenForApp/v1/', data=data, headers={'Referer': 'https://steamcommunity.com'},
                                 proxies=ProxyConfig.__dict__())
            if resp.status_code == 200 and resp.text is not None:
                body = resp.json()
                self.accessToken = body['response']['access_token']
        except ProxyError as e:

            return

[borisenko09]

I confirm that after 1 day the session ceases to be active and the repeated login method does not allow the account to become online, only a complete restart helps

[steamAuto8988]

I confirm that after 1 day the session ceases to be active and the repeated login method does not allow the account to become online, only a complete restart helps Maybe you can try updating steamLoginSecure by refreshing access_token, I'm sure steamLoginSecure is available to do so. In the my github,I have a project that uses this。

[borisenko09]

I tried to logout when is_session_alive responds that the session has ended and login again, but it didn’t help, probably you really need to add the _refreshSession function so that you can stay online for more than 1 day

[sattarov1960]

why is this needed? def _random_hex_number(): buffer = secrets.token_bytes(16) hexStr = '' for e in buffer: hexStr += hex(e) return hexStr

def _generateSessionID(): return _random_hex_number()

UPD. Can I just request an access token refresh? data = { "refresh_token": self.refreshToken, "steamid": self.steamId }

    try:
        resp = requests.post(url='https://api.steampowered.com/IAuthenticationService/GenerateAccessTokenForApp/v1/', data=data, headers={'Referer': 'https://steamcommunity.com'},
                             proxies=ProxyConfig.__dict__())

UPD2 Where can I get a refresh token?

[wolfovik]

why is this needed? def _random_hex_number(): buffer = secrets.token_bytes(16) hexStr = '' for e in buffer: hexStr += hex(e) return hexStr

def _generateSessionID(): return _random_hex_number()

UPD. Can I just request an access token refresh? data = { "refresh_token": self.refreshToken, "steamid": self.steamId }

    try:
        resp = requests.post(url='https://api.steampowered.com/IAuthenticationService/GenerateAccessTokenForApp/v1/', data=data, headers={'Referer': 'https://steamcommunity.com'},
                             proxies=ProxyConfig.__dict__())

UPD2 Where can I get a refresh token?

ligin.py

def _pool_sessions_steam(self, client_id, request_id):
        pool_data = {
            'client_id': client_id,
            'request_id': request_id
        }
        response = self._api_call('POST', 'IAuthenticationService', 'PollAuthSessionStatus', params = pool_data)
        self.refresh_token = response.json()["response"]["refresh_token"]

[SamuelKollar]

Is there a tested solution for making the session last longer than a day ? If so, can anyone provide me a sample of their code ? I have been trying to make it work for some time now but cannot I seem to find a reliable solution.

[steamAuto8988]

@SamuelKollar I can refresh the session with refresh_token generated by steamkit2, but the refresh_token in this project cannot refresh the session. If you need to refresh the session using the method I described, please use the refresh_token generated by steamkit2

[steamAuto8988]

why is this needed? def _random_hex_number(): buffer = secrets.token_bytes(16) hexStr = '' for e in buffer: hexStr += hex(e) return hexStr def _generateSessionID(): return _random_hex_number() UPD. Can I just request an access token refresh? data = { "refresh_token": self.refreshToken, "steamid": self.steamId }

    try:
        resp = requests.post(url='https://api.steampowered.com/IAuthenticationService/GenerateAccessTokenForApp/v1/', data=data, headers={'Referer': 'https://steamcommunity.com'},
                             proxies=ProxyConfig.__dict__())

UPD2 Where can I get a refresh token?

ligin.py

def _pool_sessions_steam(self, client_id, request_id):
        pool_data = {
            'client_id': client_id,
            'request_id': request_id
        }
        response = self._api_call('POST', 'IAuthenticationService', 'PollAuthSessionStatus', params = pool_data)
        self.refresh_token = response.json()["response"]["refresh_token"]

sorry，I don't know why, refresh_token generated using steampy can't refresh access_token, the current issue may be misleading. However, the refresh_token I generated using steamkit2 can be used to refresh the access_token

[steamAuto8988]

good,it's still me, if you have a refresh_token ,you want alive refresh a session with steam，invoke finalized_response = self._finalize_login() self._perform_redirects(finalized_response.json()) function in class LoginExecutor.

How todo test? LoginExecutor add function def refreshSession(self): finalized_response = self._finalize_login() self._perform_redirects(finalized_response.json()) loginExecutor = LoginExecutor() loginExecutor.refresh_token='your refresh_token' loginExecutor.refreshSession()

[bukson]

so we can do a function refresh_session that takes this refresh token and basically clalse finalzie login and performs redicrects?

Do I understand it correctly @steamAuto8988 ?

[steamAuto8988]

so we can do a function refresh_session that takes this refresh token and basically clalse finalzie login and performs redicrects?

Do I understand it correctly @steamAuto8988 ?

right，Can you commit pr?I need this function.

[bukson]

I will try to add it by the end of the week

[bukson]

So how to obtain this refresh token, LoginExecutor does it in _pool_session_steam, or should it be done manually

def refreshSession(self): 
  finalized_response = self._finalize_login()
  self._perform_redirects(finalized_response.json()) 
  loginExecutor = LoginExecutor() 
  loginExecutor.refresh_token='your refresh_token' 
  loginExecutor.refreshSession()

[steamAuto8988]

So how to obtain this refresh token, LoginExecutor does it in _pool_session_steam, or should it be done manually

def refreshSession(self): 
  finalized_response = self._finalize_login()
  self._perform_redirects(finalized_response.json()) 
  loginExecutor = LoginExecutor() 
  loginExecutor.refresh_token='your refresh_token' 
  loginExecutor.refreshSession()

nice. Thank you.

[bukson]

It was a question, loginExecutor does refresh token by finallize login and performing redicrects, so there is no need to provide it manually right?

[steamAuto8988]

It was a question, loginExecutor does refresh token by finallize login and performing redicrects, so there is no need to provide it manually right?

Yes. But my suggestion is to provide it manually, persisting the refresh token after the login is complete. Without persistence, the developer would still need to invoke the login function after restarting the application, which I feel defeats the purpose of steam providing refresh tokens. What do you think

[bukson]

Still quite confused. So we need to save this first refresh token to client and the use it in subsequent calls? You are saying that developer would need to do something manually (provide token) but you dont want other manual work (calling function)?

[steamAuto8988]

Still quite confused. So we need to save this first refresh token to client and the use it in subsequent calls? You are saying that developer would need to do something manually (provide token) but you dont want other manual work (calling function)?

Well, I'll try to submit a PR this week, but my code is of poor quality, so merge if you feel up to it. What do you think?

[bukson]

I can refactor the code but keep the logic so please provide what you can

[SamuelKollar]

Any new updates on this issue ?

[1e0n-xx]

if you use SDA to login in your acc, and you will get a maFile, the refresh token is inside.

[MaxsonClackson]

What facts did you draw conclusions about access_token? Did you find out about this empirically through the work of the Steam js code? I did not find any functions in the code for checking values and updating steamLoginSecure. I think that the "Remember Me" checkbox sets the long life of the session and this information is stored on Steam servers, despite the lifetime of the steamLoginSecure cookie for more than a year, both when the checkbox is turned on or off.

[SamuelKollar]

Okay, but the problem is that when the session drops and I try to relogin the bot it doesnt work.