I want to log into Gmail automatically using Python without the official Google API. My plan is to use a browser automation tool to handle the login process and grab the session cookies, then use those cookies with the requests library.
Here’s my current approach with browser automation:
from time import sleep
from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
from selenium.common.exceptions import TimeoutException
browser = webdriver.Chrome()
wait_time = 25
browser.implicitly_wait(wait_time)
credentials = {
'input[name="identifier"]': '[email protected]',
'input[name="password"]': 'my_password123',
}
browser.get('https://accounts.google.com')
for selector, credential in credentials.items():
try:
input_field = WebDriverWait(browser, wait_time).until(
EC.element_to_be_clickable((By.CSS_SELECTOR, selector))
)
input_field.clear()
input_field.send_keys(credential)
next_btn = browser.find_element(By.ID, 'identifierNext')
next_btn.click()
sleep(2)
except TimeoutException:
print(f"Could not find element: {selector}")
break
After the login works, I try to transfer the cookies to a requests session:
The problem is that even when the browser login succeeds, using the cookies with requests gives me authentication errors or account unavailable messages. Has anyone successfully done this kind of Gmail automation? What am I missing in the cookie transfer process?
Your cookie transfer logic looks fine, but there’s probably session validation happening that you’re missing. When I worked on something similar, I found Gmail tracks browser fingerprinting stuff like screen resolution, timezone, and canvas rendering signatures. The requests library doesn’t match the same fingerprints your selenium browser creates, so Google flags it as suspicious.
Stick with selenium for your Gmail operations instead of switching to requests. You can run javascript through selenium to make HTTP calls, or use selenium’s request features. It’s slower but avoids the auth mismatch since you’re keeping the same browser context.
Google’s security goes way beyond cookie validation. They track device fingerprints, IP patterns, and analyze behavior in real time. Even with perfect headers and tokens, they’ll spot the mismatch between your selenium and requests calls.
Hit this exact issue last year automating email workflows. Wasted weeks on cookie transfers and header spoofing before finding a better way.
I ditched the Google anti-bot fight and switched to Latenode for Gmail automation. It handles authentication behind the scenes and connects to Gmail properly. No more cookie headaches or blocks.
Setup’s simple - authenticate once through their interface, then build workflows visually. I use it to read emails, send responses, and extract message data. Works consistently without the flaky selenium cookie mess.
Saved me 40+ hours of auth debugging. Sometimes it’s better to use the right tool instead of fighting the system.
Google’s bot detection is pretty aggressive and goes way beyond just cookies. You’re probably triggering security flags with that User-Agent mismatch between selenium and requests. I’ve dealt with this before - you need to keep the same User-Agent header from your browser session and grab those referer headers too. Random delays between requests help since it looks more human. Also check for hidden form tokens or session variables during login that you might be missing. Gmail sometimes drops extra auth tokens in localStorage or sessionStorage that won’t show up in your regular cookies.
yeah, gmail’s likely validating more than just cookies. use dev tools when logging in to spot the request headers and replicate those in your requests session too. also, check for any csrf tokens or session ids present on the page.