notebooklm-cookie-auth-keepalive

What keeps auth alive: SID (2yr) + SIDCC (1yr). httpx requests to NotebookLM return fresh SIDCC in Set-Cookie headers — merging these back into storage_state.json keeps the session perpetually valid.

CLI cookie extraction matters: The notebooklm CLI’s load_auth_from_storage() filters to 19 deduplicated cookies from allowed domains. Sending ALL 48 raw cookies (including YouTube, regional .google.co.in) causes Google to reject requests.

PSIDRTS are irrelevant: __Secure-*PSIDRTS (24h TTL) are browser-only rotation tokens. httpx/MCP auth ignores them — no need to refresh.

What kills auth: Zero activity for an extended period lets Google invalidate the session server-side regardless of cookie expiry dates. A single httpx request every 8h prevents this.

Playwright cookie injection fails: context.add_cookies() into a persistent Chromium context does NOT work for Google passive auth; it always redirects to login. Only httpx with a Cookie header works.

Permanent fix: A cron job runs /opt/shared/notebooklm-config/cookie-refresh.py every 8h. The script makes an httpx request, captures Set-Cookie, merges the refreshed SIDCC into storage_state.json, and restarts the MCP container. No browser/Playwright needed.
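
The merge step described above, as an added example (not the actual cookie-refresh.py, which this page does not show). It assumes storage_state.json uses the Playwright storage-state layout; the function names and sample values are constructed, and in the real job the headers would come from the httpx response, e.g. response.headers.get_list("set-cookie").

```python
import json, os, tempfile
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, lowercase attribute dict)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs

def merge_refreshed(state, set_cookie_headers, names=("SIDCC",)):
    """Update value/expiry of tracked cookies already in state; return names refreshed."""
    refreshed = []
    for header in set_cookie_headers:
        name, value, attrs = parse_set_cookie(header)
        if name not in names or not value:
            continue  # ignore everything except the cookies we track
        domain = attrs.get("domain", "").lstrip(".")
        for cookie in state["cookies"]:
            # Match on name AND domain so a .youtube.com SIDCC is never overwritten.
            if cookie["name"] == name and cookie["domain"].lstrip(".") == domain:
                cookie["value"] = value
                if "expires" in attrs:
                    cookie["expires"] = parsedate_to_datetime(attrs["expires"]).timestamp()
                refreshed.append(name)
    return refreshed

def save_state(state, path):
    """Write atomically; mkstemp creates the file 0600, which suits live session cookies."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as fh:
        json.dump(state, fh, indent=2)
    os.replace(tmp, path)  # readers never see a half-written file

# Constructed sample data (not real cookie values).
SAMPLE_STATE = {"cookies": [
    {"name": "SID", "value": "sid-old", "domain": ".google.com", "path": "/", "expires": 1800000000},
    {"name": "SIDCC", "value": "sidcc-old", "domain": ".google.com", "path": "/", "expires": 1800000000},
    {"name": "SIDCC", "value": "yt-old", "domain": ".youtube.com", "path": "/", "expires": 1800000000},
], "origins": []}
SAMPLE_HEADERS = [
    "SIDCC=sidcc-new; expires=Tue, 01 Jan 2030 00:00:00 GMT; path=/; domain=.google.com; priority=high",
    "NID=ignored; path=/; domain=.google.com; HttpOnly",
]

if __name__ == "__main__":
    print(merge_refreshed(SAMPLE_STATE, SAMPLE_HEADERS))
```

If merge_refreshed returns an empty list, the response carried no fresh SIDCC; the job can then skip the file write and the container restart.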

Disaster recovery: If the session fully expires, use remote-login.py (SSH tunnel + Chrome DevTools Protocol on port 9222).