NotebookLM Cookie Keepalive Cron — Silent Failure Root Cause and Fix
NotebookLM Cookie Keepalive Cron — Silent Failure Root Cause and Fix
The NotebookLM cookie-refresh cron (every 8h) silently failed from day one due to a file permission bug, causing auth to expire after ~3 days of zero keepalive activity.
Root cause: cookie-refresh.sh used set -euo pipefail and wrote logs to /var/log/notebooklm-cookie-refresh.log. The claude user (UID 1002) has no write permission to /var/log/. The script crashed on line 14 (echo >> "$LOG") before the actual Python refresh ever executed. Every 8h cron run failed silently — cron daemon logged execution but the script exited immediately.
Fix applied (31-Mar-2026):
- Moved log path from
/var/log/notebooklm-cookie-refresh.logto/opt/shared/notebooklm-config/cookie-refresh.log(directory owned by claude) - Removed
set -euo pipefail— a keepalive script must not crash on log write failures - Added
2>/dev/nullto log echo to prevent any stderr noise from blocking execution
Verification: Manual run of cookie-refresh.sh succeeded — 17 cookies sent, 6 refreshed from Google Set-Cookie headers, log written correctly, MCP container auto-restarted.
Key files:
- Cron wrapper:
/opt/shared/notebooklm-config/cookie-refresh.sh - Python refresh:
/opt/shared/notebooklm-config/cookie-refresh.py - Storage:
/opt/shared/notebooklm-config/storage_state.json - Log:
/opt/shared/notebooklm-config/cookie-refresh.log
Lesson: Never use set -euo pipefail in keepalive/cron scripts where the primary function must execute regardless of logging failures. Log writes are secondary — the refresh is what matters.
Related
- notebooklm-cookie-auth-keepalive
claude-code-to-nova-enterprise-backup-v3-2026-03-25(archived)- enterprise-capability-expansion-5-pillars-from-digital-employee-analysis
- gws-oauth-token-expiry-testing-vs-production-consent-screen
claude-code-to-nova-20260327-090715(archived)- notebooklm-cookie-refresh-cron-must-update-on-migration